Hi all, i have a simple splunk app that monitors a folder and indexes a text file that is overwritten every hour. It works fine. Then all of a sudden, it just stops indexing, even as new files are created. Below are my configs. Any suggestion is appreciated
[monitor://E:\Splunk\ccure\AllSites\*.txt] sourcetype = ccure:allsite:csv index = security disabled = false
[monitor://E:\Splunk\ccure\Forced_Held\*.txt] sourcetype = ccure:door_csv index = security disabled = false
when did indexing stop? if it happened from the 1st of the month, you should check the date format, because if it is in European format (dd / mm / yyyy) and you have not defined the TIME_FORMAT, Splunk interprets it with the American format (mm / dd / yyyy) . The problem will be solved automatically from the 13th until the end of the month because there will be no more ambiguity.
Thanks for your response. It stopped indexing 4/3/2021. And since then, the text file has been overwritten every hour with new contents, but for some reason, it is just not picking up the updated file. Also, the program creating the text file does not have the ability to give the file a new name everytime it generates it.