Thank you.
I believe my path is correct. If I intentionally make it wrong I get an error: "Parameter name: Path does not exist."
I cannot see the new sourcetype in Splunk, or firewall3.log in Sources. The same file with a different name inside a peer folder loads fine in source and as sourcetype if I use oneshot command to add the file. This cannot be a permission error.
Please let me know what do you mean that I am not indexing the file correctly? Before I use add monitor command I use: ./splunk add index -name newindex3
Does it look wrong to you?
A link to the documentation you sent is the one I mentioned in my post - I have seen it, but I am afraid I am missing something. The trouble is I don't get any errors in the terminal when I add index and when I add monitor, but a new sourcetype is not created, and Splunk does not see the file in Sources. Thank you.
... View more