I have Ubuntu 10.10 running Asterisk 1.6.
I want to use Splunk to index the Asterisk CDRs. It's one of the automatically supported filetypes. The CDR is located at /var/log/asterisk/cdr-csv/Master.csv.
I added it to the list of directories to monitor. It shows up as a source, but it doesn't index any events. It just says events indexed 1.
From the CLI, I have to use sudo cat /var/log/asterisk/cdr-csv/Master.csv to view it. Could permissions have something to do with it? Although I did start splunk with sudo...