Hello, I am very new to Splunk and have been trying to learn about it through videos and reading. I am part of an IT service company that provides support for small to medium-sized businesses. We are looking into using Splunk to monitor failed logins and changes to files on network shares. As far as I know, Splunk can do both of those things. We installed Splunk on our test server and I was able to set it up to search for the failed logins, and it worked. The issue is that it only works right when I add the data. It is not pulling in any logs after I have added the data. What would we need to do to have it keep updating the logs? Also, if someone could point me in the direction of where I could learn to set up file monitoring, I would be extremely grateful. Thank you.