Dear All,
I need to monitor a folder to see which files are getting generated, which files get deleted, and at what time all of those things happen.
Here is my syntax.
Am I making a mistake here?
[fschange:D:\Test_logs\testingfschange\]
signedaudit = false
index = test
sourcetype = fschangeevents
Thanks
Gajanan Hiroji
fschange has long been deprecated, so it is recommended that you take advantage of file system auditing on your chosen platform and let Splunk consume the audit information.
It appears that the file you wish to audit is on Windows... THIS article gives you the step-by-step info.
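
One way to apply the advice in the answer above, as an added example that is not part of the original thread or of the linked article: enable native Windows file auditing on the folder from the question and let Splunk read the resulting Security log events. The folder path and index name come from the question; the `Everyone` principal, the chosen rights, the event-code filter and an English-locale `auditpol` subcategory name are assumptions.

```powershell
# Added example; run in an elevated PowerShell session on the monitored host.
$Folder = 'D:\Test_logs\testingfschange'   # path taken from the question

# 1. Enable the "File System" audit subcategory so SACL matches reach the Security log.
#    (Subcategory name is locale dependent; English assumed here.)
auditpol.exe /set /subcategory:"File System" /success:enable | Out-Null

# 2. Build an audit rule (SACL entry): log successful creates, writes and deletes
#    by any account, inherited by every file and subfolder under $Folder.
$rights    = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, WriteData, Delete, DeleteSubdirectoriesAndFiles'
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', $rights, $inherit, $propagate,
    [System.Security.AccessControl.AuditFlags]::Success)

# 3. Read the current SACL (-Audit is required), append the rule, write it back.
$acl = Get-Acl -Path $Folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# 4. Verify both halves: the SACL on the folder and the effective audit policy.
(Get-Acl -Path $Folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags -AutoSize
auditpol.exe /get /subcategory:"File System"

# 5. Print the inputs.conf stanza to place on the forwarder for this host.
#    4663 = an attempt was made to access an object (carries the file name and access mask)
#    4660 = an object was deleted (no file name; join to 4663 on Handle ID)
@'
[WinEventLog://Security]
disabled = 0
index = test
whitelist = 4663,4660
'@ | Write-Output
```

Because the Security log covers the whole host, filter on the `Object Name` field at search time to keep only events under the audited folder.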