Hey.
My antivirus generates 4 HTML reports every day in a folder, but I see a different number of events every time in Splunk (from 2 to 4). I think it's because the reports may be the same, so Splunk doesn't create new events. It does create dates for these reports every time.
inputs.conf on forwarder:
[monitor://C:\splrpt\*.html]
disabled = false
sourcetype = kavsrc
index = kav
Increasing initCrcLength works fine, but I don't understand why. It just searches for changes from the start, so how does syslog work, for example? It adds strings to the end.
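Why raising initCrcLength helps while appended logs such as syslog still work, as an added example that is not part of the original post and not Splunk's code: a simplified Python model of a monitor that identifies a file by a CRC of its first initCrcLength bytes (256 by default) and remembers how far it has read. The class and function names, the sample report header and the sample log lines are constructed for illustration, and the model assumes files at least as long as the CRC window in the append case.

```python
import zlib

class TailModel:
    """Simplified model of head-CRC file tracking (illustrative, not Splunk's code)."""

    def __init__(self, init_crc_length=256):
        self.init_crc_length = init_crc_length
        self.seen = {}  # CRC of file head -> number of bytes already read

    def ingest(self, data: bytes) -> bytes:
        """Return the bytes this model would index for the given file content."""
        key = zlib.crc32(data[:self.init_crc_length])
        offset = self.seen.get(key)
        if offset is None or len(data) < offset:
            new = data            # unknown head (or file shrank): read everything
        else:
            new = data[offset:]   # known head: only bytes past the old offset
        self.seen[key] = len(data)
        return new

# Constructed sample data: four same-length reports sharing a 361-byte header.
HEADER = (b"<html><head><title>Report</title><style>"
          + b"td{padding:2px}" * 20 + b"</style></head><body>")
REPORTS = [HEADER + b"<p>scan %02d:00 clean</p></body></html>" % h
           for h in (0, 6, 12, 18)]

def reports_indexed(init_crc_length):
    """Count how many of the four reports produce any indexed data."""
    model = TailModel(init_crc_length)
    return sum(1 for report in REPORTS if model.ingest(report))

def appended_bytes():
    """Syslog-style file (head longer than 256 bytes) that grows by one line."""
    model = TailModel()
    log = b"".join(b"Jan 01 00:00:%02d host app: event %d\n" % (i, i)
                   for i in range(10))
    model.ingest(log)
    return model.ingest(log + b"Jan 01 00:01:00 host app: appended\n")

if __name__ == "__main__":
    print(reports_indexed(256), reports_indexed(1024))
    print(appended_bytes())
```

In this model the reports collide at the default length because their first 256 bytes are identical boilerplate, while an appended log keeps the same head and only its new tail is read.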