Hi Team,
I have a couple of logs to be monitored daily from a directory called LOG. The log name is error log.0, error log.1, and so on, where 0 means Sunday , 1 -->Monday etc. After 7 days, the logs will be automatically deleted from the directory.
Can someone suggest the search command to execute this? I have tried error log.*
which will index all logs daily (unnecessary action)
Thanks
Deepthi
If you use "log.*" Splunk will indeed index all seven logs the first day, but after that should recognize that some files haven't changed and not re-index them.