[1] May I know what the differences are between using monitor and fschange?
[2] Is there documentation about fschange? If there isn't, how do I make use of it?
Monitor is intended to be the input method for live log files that you continuously write data to. The fschange input method is intended to monitor a change in the filesystem. A basic example for each item:
For more details you can read the documentation here:
http://www.splunk.com/base/Documentation/latest/Admin/Monitorfilesanddirectories
http://www.splunk.com/base/Documentation/latest/Admin/Monitorchangestoyourfilesystem
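
An added `inputs.conf` illustration of the two input types described in the answer above (not the answerer's own example and not taken from Splunk's documentation). The paths, index names and filter name are constructed.

```ini
# inputs.conf (added example; paths, index names and filter name are constructed)

# monitor: follow a live log file and index new data as it is appended.
[monitor:///var/log/secure]
sourcetype = linux_secure
index = os_auth
disabled = false

# fschange: poll a directory tree and emit an event when a file under it
# is added, removed or modified. It does not index the log lines themselves.
[fschange:/etc]
# descend into subdirectories
recurse = true
# seconds between polls of the tree
pollPeriod = 600
# compute a hash for files up to this many bytes (-1 disables hashing)
hashMaxSize = 1048576
# send only the change record, not the full file content
fullEvent = false
# unsigned events, routed to the index named below
signedaudit = false
index = fim
# apply the filter stanza defined below
filters = skip_editor_files

# Skip editor swap and backup files so they do not generate change events.
[filter:blacklist:skip_editor_files]
regex1 = \.sw[a-p]$
regex2 = ~$
```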
Current Link:
http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorfilesanddirectories
http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorchangestoyourfilesystem
Since those links currently fail for me