I encountered a problem when retrieving data from rotate log files: duplicate event. For example: the event in file test.log.1 has been retrieved, when rotating to test.log.2 splunk retrieves it again. How to configure splunk to only retrieve the latest events and not events that have been rotated to another file? ===== Log4j App information: log4j.appender.file.File=test.log log4j.appender.file.MaxFileSize=10000KB log4j.appender.file.MaxBackupIndex=99 ===== Splunk inputs.conf information [monitor:///opt/IBM/WebSphere/AppServer/profiles/APP/test.log*]
