I'm trying to index Nessus and Snort rules for use in cross-correlation of security events. In previous versions of Splunk, I had to add an entry in props.conf (crcSalt = ) to ensure that Splunk would reindex the entire file any time the contents changed.
But now when I startup Splunk running 4.3.1, I get errors about a potential syntax error:
Possible typo in stanza [nessus_plugins] in /opt/splunk/etc/apps/ResponsysSecurityConsole/local/props.conf, line 5: crcSalt =
Is this option still supported? If not, what can I do to ensure that Splunk always indexes the complete file when any changes to it are detected?
