I have set up an FTP server on my splunk indexer so that our AS400 and FTP over log files. I have set up under "Files & Directories" in Splunk Manager a rule to continuously collect from the the same folder as the AS400 is FTPing the log file in. I'm not getting the log messages into Splunk or Splunk for AS/400. I have set the sourcetype to iseries and also tried dspjrn:5 and have verified the destination index is iseries. I'm still not able to pull in the logs. Does the log file itself need a specific name? The filename I'm trying to pull in is jern.jern. Any ideas?
Thanks
This was a formatting error on the AS/400 logs before they were sent over
This was a formatting error on the AS/400 logs before they were sent over
I went to Splunk Manager from the AS/400 app.
Did you put the inputs into the correct app? What app were you in when you went to Manager and added the inputs?