I'm testing Splunk to monitoring the log of an application. The logs are generated with log4j.
When I configure Splunk to index the log file, no more activity is traced by the application.
When using tail in command line, I don't have the problem.
How can I configure splunk not to lock the file ?
I have found a solution by adding a syslog appender to the log configuration file of log4j.
Splunk has been set up to listen on port UDP 514.
View solution in original post