I want to monitor /foo/log as well as /foo/bar/log and /foo/var/log. However, I am unable to using this our forwarder currently:
Inputs.conf:
[monitor:///foo/.../log]
... View more
Thanks Phadnett! The query worked but it was showing 5 violations whereas my search didn;t lock out. Anyways, I will keep this query as the message is exactly what I was looking for.
... View more
@phadnett: I see some variations in the number of violations messages that I see under LURV and the reason I posed this question. My question is there a pattern inside splunk logs on the license master server that would help me to see that I have violated 3 times in last 30 days or an alternate splunk query?
... View more
Violation alerts under licensing tab are not consistent and it seems to retrieve those messages using REST API. Re-framing my earlier question, is there a way to track the number of violations from the splunk logs?
... View more
I have installed Splunk 6.2 version and it shows a license violation under category 'license_window'. Is there any way we can find out how many violations have occurred in last 30 days in version 6.2?
... View more