Hi,
I am trying to monitor a directory.
Suppose that there is a directory named test and it contains initially a log file called access.log.
The access.log file contains the following data.
2...
Hi all,
I am using the directory monitoring feature to index files below a specific path. The stanza in inputs.conf looks like this:
[monitor://E:\Logs\UTC]
disabled = false
host_regex = \....
...& directories] at Splunkweb.
I have calculated the "number of files" field at each sourcetypes with the following command, and there are the CLI results and the GUI result.
----result----
[u...
Hi,
I'm trying to monitor 2 log file formats (.out & .err) from the same directory (/var/splunkdata).
I use the CLI command to execute the add monitor command:
sudo /opt/s...
...ing... and it still doesn't pick up my file.
I have to bounce the forwarder every time, to make splunk pick up my new files.
Is there a setting somewhere, that I can change, to make splunk monitor...
...se the same username and password cannot log in to the web interface. If I remove $SPLUNK_HOME/etc/passwd to "passwd.bak" and restart splunk, when I try to log in with "admin" it will say "No users exist....
...016 09:42:57.293 -0500 WARN ulimit - Core file generation disabled
I'm looking into the ulimit message
Here are the forwarder CLI results for forward-server and monitor
kodiak:/s...
What is a good procedure to follow for installing a Splunk Universal Forwarder on a Linux host for the first time? A step by step process might help first time users get data into Splunk and u...