Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Monitoring Input Returned only one file

rajindurbal
Path Finder
‎01-08-2019 06:26 PM

So I am monitoring a folder for all of the files in the folder on a splunk universal forwarder. In the SplunkUniversalforwarder/etc/system/local the config is:

[monitor://*.csv]
disabled = 0
index = abc
sourcetype = abc_sourcetype
ignoreOlderThan = 14d

So far I am only getting one file from the folder, when there are about 20. What do I need to do to fix this?

0 Karma
Reply

kichojiran
New Member
‎01-08-2019 06:54 PM

Try it after delete "ignoreOlderThan = 14d"

OR Check if the files are 14 days old.

0 Karma
Reply

rajindurbal
Path Finder
‎01-08-2019 07:05 PM

@kichojiran Thank you for the response. I tried removing it to see if that made a difference. All of the files in the folder are from the past 12 hours. It did not seem to fix the issue.

0 Karma
Reply

kichojiran
New Member
‎01-09-2019 12:52 AM

Nothing unusual about the splunkd.log contents?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...