The app local props.conf file is getting changed. I repeat my requirement here: I have configured C:\test\ for monitoring in Splunk I have different folders under C:\test like C:\test\test1 c:\test\test2 I want have a field extractor which extracts fields from files stored in C:\test\test1 folder only. All files are in csv format. If I configure field extractor directly from event actions menu, it is getting applied for all csv files in the C:\test folder which is creating conflicts. I checked in props.conf file then I found below commands added which clearly tells SPLUNK to extract fields for all csv files. Kindly assist me how can I restrict the field extraction. [csv] EXTRACT-Date,Computer,IP,Product,Action,Result =\d+\t(?P[^\t]+)\t(?P[^\t]+)\t(?P\d+.\d+.\d+.\d+)\t(?P\w+)\t(?P\w+\s+\w+)[^\t\n]*\t(?P[^\t]+) ... View more

I am facing the same issue even if I am searching with specific file name. I removed crcSalt= from input.conf but no result.,I am facing the same issue.Even if I search with specific file. I removed crcSalt= from input.conf but no result. ... View more