How to monitor and index html reports generated daily, even if there are no changes?

Shark2112
Communicator

Hey.

My antivirus generates 4 HTML reports every day in a folder, but I see a different number of events every time in Splunk (from 2 to 4). I think it's because the reports may be the same, so Splunk doesn't make new events. It does create dates for these reports every time.

inputs.conf on forwarder:

[monitor://C:\splrpt\*.html]
disabled = false
sourcetype = kavsrc
index = kav
1 Solution

Shark2112
Communicator

Increasing initCrcLength works fine, but I don't understand why. It just searches for changes from the start, so how does syslog work, for example? It's adding strings to the end.
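A simplified model of the check behind this behaviour, as an added example that is not part of the original thread and is not Splunk's code: the monitor input fingerprints a file by a CRC of its first initCrcLength bytes (256 by default), so reports that share a long identical HTML head look like one already-read file, while a syslog file that grows at the end keeps its fingerprint and only the new tail is read. `zlib.crc32`, the `MonitorModel` class and the sample files are assumptions constructed for illustration.

```python
import zlib

def initial_crc(data: bytes, init_crc_length: int = 256) -> int:
    # zlib.crc32 stands in for Splunk's internal CRC (assumption).
    return zlib.crc32(data[:init_crc_length])

class MonitorModel:
    """Simplified, hypothetical model of the monitor input's seen-file check."""

    def __init__(self, init_crc_length: int = 256):
        self.init_crc_length = init_crc_length
        self.seen = {}  # initial CRC -> bytes already read from that file

    def offer(self, data: bytes) -> str:
        key = initial_crc(data, self.init_crc_length)
        already_read = self.seen.get(key)
        if already_read is None:
            self.seen[key] = len(data)
            return "indexed as new file"
        if len(data) > already_read:
            self.seen[key] = len(data)
            return f"read {len(data) - already_read} appended bytes"
        return "skipped as already read"

def run(files, init_crc_length: int = 256):
    model = MonitorModel(init_crc_length)
    return [model.offer(f) for f in files]

# Constructed sample input: two daily reports sharing an HTML head well over 256 bytes.
HEAD = b"<html><head><style>" + b"td{border:1px solid #ccc;}" * 20 + b"</style></head><body>"
REPORT_DAY1 = HEAD + b"<p>2024-01-01 threats: 0</p></body></html>"
REPORT_DAY2 = HEAD + b"<p>2024-01-02 threats: 3</p></body></html>"

# Constructed sample input: a syslog-style file that grows at the end.
SYSLOG = b"Jan  1 00:00:01 host sshd[1]: session opened\n" * 8
NEW_LINE = b"Jan  1 00:05:00 host sshd[1]: session closed\n"

if __name__ == "__main__":
    print(run([REPORT_DAY1, REPORT_DAY2]))        # default length: second report skipped
    print(run([REPORT_DAY1, REPORT_DAY2], 1024))  # longer prefix reaches the differing body
    print(run([SYSLOG, SYSLOG + NEW_LINE]))       # same head, longer file: tail is read
```

For antivirus reports, a skipped file is a missing detection record, so compare the number of files written per day with the number of events indexed after changing the setting.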
