How do I force splunk to index new files in the directory that is being monitored immediately? sometimes it takes really long for it to detect/index new files.
I have just one folder that splunk is monitoring... and it still doesn't pick up my file.
I have to bounce the forwarder everytime, to make splunk pick up my new files.
Is there a setting somewhere, that i can change, to make splunk monitor my dir more often that is...
Or is there a CLI command that I can issue to force splunk to monitor that dir ?
I'd recommend that you switch the forwarder over to 4.1.x. There isn't much you can do about the file monitor in 4.0, but it was re-implemented for 4.1 and now offers much better and more responsive performance.