Hi,
I have configured Files & Directories monitoring by going to Data inputs -> Files & Directories, and when I do a search I am getting results with the information about changes (appended data). But when I tried to delete a file or create a few empty files or a folder within a monitored folder, these changes were not detected. I am especially interested in monitoring deletion of files with Splunk.
I am new to Splunk. Please let me know if this is possible. If yes, how can I achieve this? Do I need to add anything else in the input.conf file?
Is this Windows or *Nix?
Depending on your Splunk version, you could try an fschange input. The docs are here: http://docs.splunk.com/Documentation/Splunk/7.1.1/Data/Monitorchangestoyourfilesystem
Here's some more info on how to do it on Windows: https://docs.splunk.com/Documentation/Splunk/7.1.1/Data/MonitorfilesystemchangesonWindows
As an alternative to FSChange, there are some open source (and not) solutions (e.g. Tripwire).
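
The fschange input suggested above, sketched as an `inputs.conf` stanza. This is an added example, not part of the original thread; the directory `/opt/app/data` and the index name `fs_changes` are constructed placeholders, and the index is assumed to exist already.

```ini
# inputs.conf (sketch). Path and index name are constructed placeholders.

# The input created through Data inputs -> Files & Directories is a
# tail-style monitor: it indexes data appended to files, so deletions,
# empty files and new folders produce no events.
# Splunk does not support a monitor input and an fschange input on the
# same directory, so the monitor stanza is shown commented out here.
# [monitor:///opt/app/data]

# File system change monitor: polls the directory tree and reports
# files and directories that were added, deleted or updated.
[fschange:/opt/app/data]
# Seconds between polls of the directory.
pollPeriod = 60
# Descend into subdirectories.
recurse = true
# Report only the change metadata, not the full file content.
fullEvent = false
# With signedaudit = true the events go to the _audit index;
# set it to false to send them to the index named below.
signedaudit = false
index = fs_changes
```

Restart Splunk after editing the file. fschange is a deprecated input, so check the documentation for the version you run before relying on it.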