My situation is: I have installed Net-snmp and configured it to receive traps into snmptrapd.log. I have also installed Splunk and configured those scripts in the input.conf file.
Finally, I can also get the log in Splunk. (1) Now, I have a question: I want to record/export the log from the index or from the raw data to another txt file, or some file that I can use to see the log periodically in Splunk. Does Splunk provide this function? Or how?
(2) I also want to clear snmptrapd.log periodically, in Splunk or by another method, because I think there will be a large amount of logs in snmptrapd, and I also cannot delete the script in snmptrapd.log unless I stop the snmp service. When snmptrapd.log cannot receive more data, I don't know what will happen. Can Splunk handle this problem?
Have you experienced challenges monitoring the file? I noticed alwaysOpenFile=1 in your configuration. This isn't usually necessary if Splunk can see the log was updated using its other detection mechanisms (time/date stamp, size, etc.).