Our Splunk Forwarder on Windows Server is monitoring 2 folders containing approximately 1k log files total. I am ignoring the vast majority of the files. Each log file is fairly large, and is constantly being written to. Each one contains a day's worth of data, about 24k lines of text when the day is over.
When the Splunk Forwarder is on, the application that logs to it seems to skip logging intermittent lines of text. When it is off, all lines are logged.
Our inputs.conf file is very sparse:
[monitor://C:\Data\Import\log\*.log]
ignoreOlderThan = 2d
[monitor://C:\Data\Export\log\*.log]
ignoreOlderThan = 2d
Any suggestions?
... View more