My Server monitors 4 0ut of 5
The one below does not get monitored:
inputs.conf referring to this instance:
[monitor://C:\Windows\System32\LogFiles\HTTPERR] disabled = false followTail = 0 host = iis.windowsservername sourcetype = iis_error blacklist = \.gz$
There are lots of possible reasons for your events not being seen where you expect them.
Apart from that, it might be a good idea to see what the forwarder thinks it is doing with the file by querying this url;
You might also want to investigate this setting in inputs.conf on the forwarder.
alwaysOpenFile = [0|1] * Opens a file to check whether it has already been indexed. * Only useful for files that do not update modtime. * Only needed when monitoring files on Windows, mostly for IIS logs. * This flag should only be used as a last resort, as it increases load and slows down indexing. * Defaults to 0.