How do I force splunk to index new files in the directory that is being monitored immediately? sometimes it takes really long for it to detect/index new files. I have just one folder that splunk is monitoring... and it still doesn't pick up my file. I have to bounce the forwarder everytime, to make splunk pick up my new files. Is there a setting somewhere, that i can change, to make splunk monitor my dir more often that is... Or is there a CLI command that I can issue to force splunk to monitor that dir ?
Splunk Indexer: 4.1.4-82143 Splunk Forwarder:4.0.10-77919
Thanks!
I'd recommend that you switch the forwarder over to 4.1.x. There isn't much you can do about the file monitor in 4.0, but it was re-implemented for 4.1 and now offers much better and more responsive performance.