We are testing Splunk if we could monitor our Avamar backup system agent job logs and see where backups are failing. Backup jobs are logged in individual log files where one file contains logs of one backup job. After certain period old log files are deleted.
So I added in inputs.conf file:
[monitor://C:\Program Files\avs\var\clientlogs\*.log]
But log files don't get logged. In Forwarders splunkd.log I have errors:
TailingProcessor - File will not be read, seekptr checksum did not match
TailingProcessor - File will not be read, is too small to match seekptr checksum
So I probaly need some other settings too in inputs.conf? And I've like to see one log file like one event in Splunk, is this possible?
... View more