Hello,
I have an universal forwarder configured to watch a file using the inputs.conf(crcSalt=<SOURCE>). This works perfect, but I need to test sending the same file over and over again by prodding the local fishbucket instance to "forget" the file being monitored.
Unfortunately when I run the btprobe command, I get file not found.
btprobe -d /opt/splunk/var/lib/splunk/fishbucket/splunk_private_db --file /path/to/somefile --reset
I did a btool list input status, and the correct file shows up.
I then did a compute crc with the salt set to "/path/to/somefile" and used that in the btprobe command earlier and still doesn't work.
btprobe --compute-crc /path/to/somefile --salt "/path/to/somefile"
I used the results of the above command and did this and still found nothing.
splunk cmd btprobe -d $SPLUNK_DB/fishbucket/splunk_private_db -k ALL | egrep 0x34a86c35e2c71990
Can somebody point me in the right direction to get around this issue?
