Yes, I opened a case. Actually my issue is that when I edit or disable a realtime search, the search triggers. I suspect the two issues are related. I'll post whatever solution I get from support.
... View more
I encountered the exact same behavior. In my case the problem was due to having two colons after the "Monitor" keyword. This caused Splunk to interpret my path as ":\D:\blah\blah*"
These commands are useful to see what files / directories are matching the wildcards:
$SPLUNK_HOME/bin/splunk list monitor
$SPLUNK_HOME/bin/splunk _internal call /services/admin/inputstatus/TailingProcessor:FileStatus
... View more