I have to monitor all files inside one directory. But the tiny sized files are not getting into Splunk while all other files are duly getting indexed. i used CRCSalt parameters and Below is my config settings for inputs file.
[monitor://L:\XYZ.2.0\XYZlogs\*] disabled = false index = app_XYZ sourcetype = _json crcSalt = Source in greater than and less than sign initCrcLength = 256
Please tell us what am I missing out on.
Yes path is accurate given other large files are duly getting indexed in splunk.
Also i just discovered that few of the data is going into "lastchanceindex". Why is that the case.
You have the setting wrong. Use this exactly (do NOT change anything at all):
Yes its indeed the same settings.
crcSalt=SOURCE with angular brackets
Do you LITERALLY have this:
Or have you substituted the word
SOURCE for something else like this:
YOU MUST NOT DO THE LATTER! YOU MUST DO THE FORMER!