I have 1000+ json files located in a directory and those files will be overwritten by every day. the file name starting with same characters as shown below,
1000010496,1000011820,1000013553,1000010097,1000010362...
my issue is that splunk forwarder is not reading all the files. I have tried flushing fishbucket,deleted indexed data,crcSalt,adding timestamp in filename and none of this have helped me to get entire data. even very less count of source files are showing in splunk. how to read this 1000+ files repeatedly without missing data?
json files starts like below,
$result = [
{
'advisory_type' => 'Security Advisory',
'date' => '10/12/17',
'advisory_name' => 'CL-SA-2017:0061',
} ....
....
Thanks in advance.
... View more