Hi,
i am monitoring IIS logs for my environment and i want to ignore the older log files.i just want the files for the last 3 days.
here is my inputs.conf
[monitor://C:\inetpub\logs\LogFiles\W3SVC2]
disabled=false
index=fam
sourcetype=ms:iis:auto
ignoreOlderThan=2d
attached are the screenshot for the log file location and output for the list monitor
Any help is appreciated
Thanks
It's likely your configuration is working as expected.
./bin/splunk list monitor
will still show the files as being monitored, but that doesn't indicate they will be indexed. Have you searched your indexed data to ensure the old data hasn't actually been ignored?
It's likely your configuration is working as expected.
./bin/splunk list monitor
will still show the files as being monitored, but that doesn't indicate they will be indexed. Have you searched your indexed data to ensure the old data hasn't actually been ignored?
Thanks for the quick response as a matter of fact i don't have data older than 4 days.Thanks MicahKemp