Getting Data In

Not receiving all files present in the directory?

pal_sumit1
Path Finder

I am monitoring files present in the path F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\
Below is my input.conf

[monitor://F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\adminids.txt]
index=cmr-reports
sourcetype=db2:accounts
disabled = 0

[monitor://F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs*]
index=cmr-reports
sourcetype=db2:accounts
disabled = 0

Files present in the path F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\
adminids.txt
rgndbp1.txt
rgndbp2.txt
rgndbp3.txt
rgndbp4.txt
rgndbp5.txt
rgndbp6.txt
rgndbp7.txt
rgndbp8.txt
rgndsp0.txt

I am able receive all files in splunk except "adminids.txt" file.

Can anyone suggest what I am doing wrong ?..

Thanks in advance..

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi pal_sumit1,
if the content of the file is the same of F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\adminids.txt it's correct, because Splunk doesn't index twice the same file also with different names (or paths).
in this case you should try crcSal = <SOURCE> option to force Splunk to index both the files.

Ciao.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...