Hello,
I would like to monitor a file that is generated by a script. The script is run daily and the results can be the same for many days in a row. Splunk doesn't seem to take consecutive results if they are the same.
Is there any way I can force Splunk to index data daily each time a new file is generated. The only thing changing from one file to the other is the "modified date" while the rest is the same (file name,content, etc..). I don't mind having the same data many times on different dates.
Thank you.
Regards,
David
Hi,
One trick that you can do is make a script to print the ouput of the file and index the output, with current time
Hope i help you
As per inputs.conf
-- Must be in the range 256-1048576.
So, you need to ensure that something is different in the first 256 bytes (unless you change the default). Adding the date or a random number.
my entire file is the same daily 😄 any solution with something like CRCsalt= ?
Hi,
One trick that you can do is make a script to print the ouput of the file and index the output, with current time
Hope i help you
smart plan 😄 i was looking for something more like CRCsalt= ..don't know if that exists..
No for this time sorry.
Thank you jmallorquin