Getting Data In
Highlighted

How to set continuous monitoring of an input file so that it gets indexed as the file gets updated?

Communicator

Hi,

I have Splunk installed on my local Windows machine.
From Splunk Web url, am doing below steps
Settings -> Add data -> Monitor Data ->Add sourcetype add index and submit

Data is coming from the xlsheet correctly under correct index and sourcetype, but problem is when the xlsheet file changes the changed data doesn't come up until i add the same file again from data inputs and do the same steps again.

Can someone please help on how to get the data indexed in Splunk as soon as the input file gets updated.

Thanks

0 Karma
Highlighted

Re: How to set continuous monitoring of an input file so that it gets indexed as the file gets updated?

Builder

When you click on Settings->Add Data->Monitor Data->Files & Directories, are you making sure the "Continuously Monitor" setting is selected instead of "Index Once"?

0 Karma
Highlighted

Re: How to set continuous monitoring of an input file so that it gets indexed as the file gets updated?

Communicator

Yes off course....

0 Karma
Highlighted

Re: How to set continuous monitoring of an input file so that it gets indexed as the file gets updated?

Legend

Hi surekhasplunk ,
when you say "xlsheet file changes" do you mean that there are additional lines on the top of the file or that any cells are changed?
Because the changed cells aren't taken by new loads, you can only load the new lines.
If you want to take changes, you have to reload the entire file and manage duplicates with dedup command; if you do this, remember to insert in your inputs.conf stanza the crcSalt= option.

Bye.
Giuseppe

0 Karma
Highlighted

Re: How to set continuous monitoring of an input file so that it gets indexed as the file gets updated?

Communicator

when I say xlsheet changes I mean new rows get added to the bottom of the file.
So if I add this line "crcSalt= option" to inputs.conf file for my input file I need not have to reload again and again right

0 Karma
Highlighted

Re: How to set continuous monitoring of an input file so that it gets indexed as the file gets updated?

Legend

Splunk check the first charachters of a file, if modified take the new lines, could you insert the new lines in the beginning of your file instead the bottom?
Bye.
Giuseppe

0 Karma