Hi,
I have two types of logs in my directory: dnslogs and proxylogs, from AWS S3.
These two directories are monitored according to their sourcetype.
When I begin downloading new logs from AWS to my directories, Splunk adds only 2 events instead of thousands, and these events are not good because Splunk adds these events before the end of the download.
So, I stop Splunk, then I download new logs. When it's finished, I start Splunk.
So, I would like to configure Splunk to scan my directories when it starts, to add the newly downloaded logs.