In my inputs.conf, I have:

[monitor://cust/http*/web-*/var/log/modsec-audit.log*] 

[monitor://cust/http*/web-*/var/log/*access.log*] 

[monitor://cust/jboss-as*/server/app-*/log/server.log] 

Why did I get these errors:

08-19-2011 01:02:15.148 +0000 ERROR TailingProcessor - Unable to resolve path 
for symlink: /cust/soe/usr.bak.2010-10-19T051247/man/it/man1/view.1. 
08-19-2011 01:02:15.149 +0000 ERROR TailingProcessor - Unable to resolve path 
for symlink: /cust/soe/usr.bak.2010-10-19T051247/man/it/man1/vim.1. 
08-19-2011 01:02:15.151 +0000 ERROR TailingProcessor - Unable to resolve path 
for symlink: /cust/soe/usr.bak.2010-10-19T051247/man/it/man1/vimdiff.1. 
08-19-2011 01:02:15.153 +0000 ERROR TailingProcessor - Unable to resolve path 
for symlink: /cust/soe/usr.bak.2010-10-19T051247/man/it/man1/vimtutor.1. 
08-19-2011 01:02:15.155 +0000 ERROR TailingProcessor - Unable to resolve path 
for symlink: /cust/soe/usr.bak.2010-10-19T051247/man/it/man1/xxd.1. 

I didn't ask Splunk to monitor /cust/soe/ directories.