I have to monitor all files inside one directory. But the tiny sized files are not getting into Splunk while all other files are duly getting indexed. i used CRCSalt parameters and Below is my config settings for inputs file.
[monitor://L:\XYZ.2.0\XYZlogs\*] disabled = false index = app_XYZ sourcetype = _json crcSalt = Source in greater than and less than sign initCrcLength = 256
Please tell us what am I missing out on.
Did you ever resolve your problem? I am experiencing the same issue with very small files ( < 2KB ) that Splunk forwarder is missing/skipping. Sometimes, I can delete and re-create the log file and Splunk will pick it up but sometimes nothing will trigger the forwarder to send the file to the indexers.
Do you LITERALLY have this:
Or have you substituted the word
SOURCE for something else like this:
YOU MUST NOT DO THE LATTER! YOU MUST DO THE FORMER!