To recap my question, I have a windows 2008 server, in my inputs.conf I put down
[monitor://C:\test\*] and [monitor://C:\test\*.txt] which neither work, but if I specify the file name like this [monitor://C:\test] or [monitor://C:\test\test.txt] then indexer does read in test.txt.
I thought it as the permission issue, so I run the splunk process with administrator right by right click on the file and run it as administrator. I also right click on the folder to change the permission that everyone can read and write on it.
Is there any other I can do to solve this? The wild card works in my linux machine.