Getting Data In

Issues ingesting csv through file monitor

Dmikos1271
Explorer

I recently set up a Splunk UF on a Windows server that did not have it. As part of that process I deployed the same deployment client that was used with all the other servers. My only goal for now is to do file monitoring from this specific server, and to start, I wanted to monitor a file location of a csv.

The inputs.conf file looks like this:

[default]
host=SERVER1

[monitor://E:\Scripts\S_M\T_I\abipdb.csv]
sourcetype=abipdb-csv
index=abipdbindex
disabled = 0

The outputs.conf file was copied from one of the server locations with a UF that works fine. The events should be forwarding the data to an indexer cluster:

[tcpout]
defaultGroup=indexers_1,indexers_2

[tcpout: indexers_1]
server=10.##.##.##, 10.##.##.##

[tcpout: indexers_2]
server=10.##.##.##, 10.##.##.##

The splunkd.log shows that the above file location was added to watch. I did deploy an app with the new abipdbindex to the indexer cluster and I can see that index in the index list for each indexer (when checking in Splunk Web). I have a props.conf file set up for that sourcetype:

[abipdb-csv]
FIELD_DELIMITER=,
FIELD_NAMES=column1, column2, column3 etc... (column names match the column names in the csv file)

All the above conf files are stored in system\local and there are no other apps set up on this UF.

However, the index has not ingested any events successfully. What could be set up incorrectly and why is the csv file not being ingested properly?

 

0 Karma
1 Solution

Dmikos1271
Explorer

The issue was resolved by amending the path from an absolute path E:\Scripts\S_M\T_I\abipdb.csv to E:\Scripts\S_M\T_I\abipdb*.


0 Karma
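The fix above swaps an exact path for a wildcard, which changes what the stanza can pick up. As an added example (not code from the original post or from Splunk), the following models Splunk's documented handling of wildcard monitor paths, where the longest wildcard-free prefix becomes the monitored directory and the remainder becomes an implicit whitelist regex. The file listing is constructed, and treating the backslash as the path separator in the regex is an assumption of this model.

```python
import re

def implicit_whitelist(monitor_path, sep="\\"):
    """Return (monitored_dir, whitelist_regex); the regex is None for an exact path."""
    parts = monitor_path.split(sep)
    # Index of the first path segment that contains a wildcard, if any.
    idx = next((i for i, p in enumerate(parts) if "*" in p or "..." in p), None)
    if idx is None:
        return monitor_path, None
    base = sep.join(parts[:idx]) + sep      # longest wildcard-free prefix
    tail = sep.join(parts[idx:])
    out, i = [], 0
    while i < len(tail):
        if tail.startswith("...", i):       # "..." recurses through directories
            out.append(".*")
            i += 3
        elif tail[i] == "*":                # "*" stays inside one path segment
            out.append("[^" + re.escape(sep) + "]*")
            i += 1
        else:
            out.append(re.escape(tail[i]))
            i += 1
    return base, "".join(out) + "$"

def matched_files(monitor_path, candidates, sep="\\"):
    """List the candidate paths this monitor stanza would select in the model."""
    base, whitelist = implicit_whitelist(monitor_path, sep)
    if whitelist is None:
        return [c for c in candidates if c == monitor_path]
    rx = re.compile(re.escape(base) + whitelist)
    return [c for c in candidates if rx.match(c)]

# Constructed file listing for the directory named in the post (not real data).
SAMPLE = [
    r"E:\Scripts\S_M\T_I\abipdb.csv",
    r"E:\Scripts\S_M\T_I\abipdb_2024-01-01.csv",
    r"E:\Scripts\S_M\T_I\abipdb.csv.bak",
    r"E:\Scripts\S_M\T_I\other.csv",
    r"E:\Scripts\S_M\T_I\old\abipdb.csv",
]

if __name__ == "__main__":
    for pattern in (r"E:\Scripts\S_M\T_I\abipdb.csv",
                    r"E:\Scripts\S_M\T_I\abipdb*",
                    r"E:\Scripts\S_M\T_I\abipdb*.csv"):
        print(pattern, "->", matched_files(pattern, SAMPLE))
```

In this model `abipdb*` also selects `abipdb.csv.bak`, and the stanza's `sourcetype` and `index` settings apply to every file the pattern selects; `abipdb*.csv` limits the match to CSV files in that directory.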
