I am monitoring files present in the path F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\
Below is my input.conf
[monitor://F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\adminids.txt]
index=cmr-reports
sourcetype=db2:accounts
disabled = 0
[monitor://F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs*]
index=cmr-reports
sourcetype=db2:accounts
disabled = 0
Files present in the path F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\
adminids.txt
rgndbp1.txt
rgndbp2.txt
rgndbp3.txt
rgndbp4.txt
rgndbp5.txt
rgndbp6.txt
rgndbp7.txt
rgndbp8.txt
rgndsp0.txt
I am able receive all files in splunk except "adminids.txt" file.
Can anyone suggest what I am doing wrong ?..
Thanks in advance..
Hi pal_sumit1,
if the content of the file is the same of F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\adminids.txt it's correct, because Splunk doesn't index twice the same file also with different names (or paths).
in this case you should try crcSal = <SOURCE>
option to force Splunk to index both the files.
Ciao.
Giuseppe