The WindowsUpdate.log file is being generated using the Splunk Add-on for Microsoft Windows app.
## Enable below powershell and monitor stanzas to get WindowsUpdate.log for Windows 10 and Server 2016
## Below stanza will automatically generate WindowsUpdate.log daily
script = ."$SplunkHome\etc\apps\Splunk_TA_windows\bin\powershell\generate_windows_update_logs.ps1"
schedule = 0 */24 * * *
## Below stanza will monitor the generated WindowsUpdate.log in Windows 10 and Server 2016
sourcetype = WindowsUpdateLog
However, the Splunkd.log shows it's always 'in use'? As such, I obviously don't get any data into Splunk.
06-18-2019 20:43:09.817 +1000 WARN TailReader - Access error while handling path: failed to open for checksum: 'C:\Program Files\SplunkUniversalForwarder\var\log\Splunk_TA_windows\WindowsUpdate.log' (The process cannot access the file because it is being used by another process.)
This is happening on every server where I've deployed the Splunk Add-on for Microsoft Windows app.
Is there something I've missed?