Universal forwarder monitor not working

sushildabare · ‎09-30-2011

Universal forwarder is installed in linux server spwdfvml0247.
spwdfvml0247:/usr/sap/IX4/SYS # ll [we have below files under this path]
[drwxr-xr-x 3 ix4adm sapsys 4096 Jul 14 2010 exe]
[drwxr-xr-x 3 ix4adm sapsys 4096 Jul 8 2010 gen]
[lrwxrwxrwx 1 ix4adm sapsys 18 Jul 8 2010 global -> /sapmnt/IX4/global]
[lrwxrwxrwx 1 ix4adm sapsys 19 Jul 8 2010 profile -> /sapmnt/IX4/profile]
[drwxr-xr-x 2 root root 4096 Sep 28 15:41 profile_backup]
[drwxr-xr-x 2 ix4adm sapsys 4096 Jul 8 2010 src]

Index server is installed on windows server spwdfvm1490.
All data under the path /usr/sap/IX4/SYS is being passed/indexed to the indexer except 'profile' folder.
Even if we monitor specific file in 'profile' folder its not getting passed/indexed in the index server. In input activity also this is not showing.
Below is the monitor we are using in inputs.conf from forwarder
spwdfvml0247:/opt/splunkforwarder/etc/apps/search/local # cat inputs.conf

[monitor:///usr/sap/IXV/SYS/profile]
disabled = false
index = erp

Please help and let me know why this monitor is not working and not getting indexed.

Thanks
Rajshekhar

sushildabare · ‎10-11-2011

Hello,
We tried adding crcSalt = parameter in monitor stanza, but after that also its not working.

Can you tell is this something related to CRC? as it shows in the error

directory/s:key /s:dict /s:key /usr/sap/IX4/SYS/profile/s:key ignored file (crc conflict, needs crcSalt)/s:key /s:dict /s:key

What needs to be done to solve this problem?