In Splunk Enterprise Security, I am trying to add data from a directory using 'Monitor'. Files get created in the directory in real time, so I want to use 'Monitor' and select 'directory' under 'Files & Directories'.
I ingested the data with one file, and it was successful; I am able to search the events too.
But upon adding new files to the specified directory, should I assume Splunk will read new files as they come in, or do I need to do anything else to make Splunk read new data from that directory?
Right now, on the 'Select Source' page, I selected the 'Continuously Monitor' option, but upon adding new files to the directory, Splunk is not reading them, since I am not able to search those events.