Hi,

I have a script on heavy forwarder which output a csv file in /bin 

I have an inputs.conf set like this : 

[script://./bin/my_script.py]
interval = * * * * *
index = test
sourcetype = test:st
disabled = 0

[monitor:///opt/splunk/etc/apps/my_app/bin/csv_file.csv]
index = test
sourcetype = test:st
disabled = 0
crcSalt = <SOURCE>

My props.conf :

SHOULD_LINEMERGE = false
FIELD_DELIMITER=,
HEADER_FIELD_LINE_NUMBER = 1
HEADER_FIELD_DELIMITER=,
INDEXED_EXTRACTIONS=csv

My issue is that my csv is not indexed on splunk.

In index=_internal I have this INFO message :

 12/30/20
3:35:14.261 PM  INFO TailingProcessor - Adding watch on path: /opt/splunk/etc/apps/my_app/bin/csv_file.csv.
host = heavy-forwarder index = _internal log_level = INFO source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
12/30/20
3:35:14.261 PM
12-30-2020 14:35:14.261 +0000 INFO TailingProcessor - Parsing configuration stanza: monitor:///opt/splunk/etc/apps/my_app/bin/csv_file.csv.

INFO ExecProcessor - setting reschedule_ms=59661, for command=python /opt/splunk/etc/apps/my_app/bin/my_script.py

No ERROR message at script level also...

What I did wrong ?