I've got a local directory configured in my inputs.conf as so:

[monitor:///Volumes/A/b/c/dir]
disabled = false
followTail = 0
host = fubar

And this seemed to be working fine, but for No Reason I Can See, as new files were added to "dir" they ceased being indexed. The inputs manager says there should be 23 files in the directory (there are 22) and each file is named after the date it was created, such as 20110410.txt and so on.

However, nothing new shows up for the last few days in the Splunk index, and no searches yield results for the data that is clearly in files which should be monitored in that directory.

What's the best/right way to fix this? I found other posts here which had similar issues and people suggested | delete and re-adding specific files as a one-off, but I'm not sure that's a long term fix. I've also tried deleting and re-adding the data source, but, to no avail.

When I do a CLI check for the source:

PROPERTIES OF /Volumes/A/b/c/dir/20110422.txt
    Attr:ANNOTATE_PUNCT True
    Attr:BREAK_ONLY_BEFORE  
    Attr:BREAK_ONLY_BEFORE_DATE True
    Attr:CHARSET    UTF-8
    Attr:DATETIME_CONFIG    /etc/datetime.xml
    Attr:HEADER_MODE    
    Attr:LEARN_SOURCETYPE   true
    Attr:LINE_BREAKER_LOOKBEHIND    100
    Attr:MAX_DAYS_AGO   2000
    Attr:MAX_DAYS_HENCE 2
    Attr:MAX_DIFF_SECS_AGO  3600
    Attr:MAX_DIFF_SECS_HENCE    604800
    Attr:MAX_EVENTS 256
    Attr:MAX_TIMESTAMP_LOOKAHEAD    128
    Attr:MUST_BREAK_AFTER   
    Attr:MUST_NOT_BREAK_AFTER   
    Attr:MUST_NOT_BREAK_BEFORE  
    Attr:PREFIX_SOURCETYPE  True
    Attr:SEGMENTATION   indexing
    Attr:SEGMENTATION-all   full
    Attr:SEGMENTATION-inner inner
    Attr:SEGMENTATION-outer outer
    Attr:SEGMENTATION-raw   none
    Attr:SEGMENTATION-standard  standard
    Attr:SHOULD_LINEMERGE   False
    Attr:TRANSFORMS 
    Attr:TRUNCATE   10000
    Attr:is_valid   True
    Attr:maxDist    9999
    Attr:sourcetype 20110422-too_small

As far as I can tell, that looks right.

Thanks!!