Monitoring Splunk
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Cannot search for new file- How do I get Splunk to pick up the file so I can view it in the UI?

kielsd1045
New Member
‎08-08-2022 01:27 AM

I am creating a new file in the /var/log directory but when I sure for events I get zero result. How do I get Splunk to pick up the file so I can view it in the UI?

0 Karma
Reply

diogofgm
SplunkTrust
SplunkTrust
‎08-08-2022 02:39 AM

You need to check if you have a monitor input configured in the machine where the file is.

In the machine it self you can use tool to find this

/opt/splunk/bin/splunk btool inputs list --debug monitor
------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top