I want to forward the data of a Alarm.txt file using splunk forwarder but limit the index to only last xxx lines of the file.
The problem is my txt file has Day Month date and time and it does not have year. It will just repeat with 5 years of repeat of the months on this file. Only the end of the file is the most current year information.
Tue Jan 25 11:53:02, Set Alarm
Tue Jan 25 11:53:15, Set Alarm,
Tue Jan 25 12:02:54, Set Alarm,
Wed Feb 02 08:51:07, Set Alarm,
.....
Thu Dec 04 05:59:13, Set Alarm
Tue Jan 25 12:02:54, Set Alarm,
Can someone guide me on what I need to do so that it only extract the last part of the file?
Or if someone has a way for me to assign the correct year on each part of this file that will also work, so that I can index all the data with the correct year information.
Right now Splunk index everything as 2017 on this file.
... View more