Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Monitoring Input Returned only one file

rajindurbal
Path Finder
‎01-08-2019 06:26 PM

So I am monitoring a folder for all of the files in the folder on a splunk universal forwarder. In the SplunkUniversalforwarder/etc/system/local the config is:

[monitor://*.csv]
disabled = 0
index = abc
sourcetype = abc_sourcetype
ignoreOlderThan = 14d

So far I am only getting one file from the folder, when there are about 20. What do I need to do to fix this?

0 Karma
Reply

kichojiran
New Member
‎01-08-2019 06:54 PM

Try it after delete "ignoreOlderThan = 14d"

OR Check if the files are 14 days old.

0 Karma
Reply

rajindurbal
Path Finder
‎01-08-2019 07:05 PM

@kichojiran Thank you for the response. I tried removing it to see if that made a difference. All of the files in the folder are from the past 12 hours. It did not seem to fix the issue.

0 Karma
Reply

kichojiran
New Member
‎01-09-2019 12:52 AM

Nothing unusual about the splunkd.log contents?

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...