Hello all! 🙂 I'm currently implementing Splunk inside one of our company systems. It happens so that the logging structure works like this: C:\Systems\System\Logs\A_Lot_Of_Folders\2020(year)\11(month)\day.txt Since I have a lot of folders inside the Logs structure, I configured my stanza like this: [monitor://C:\Systems\System\Logs\*] index = MyIndex disabled = 0 _TCP_ROUTING = my_config I have also tried: [monitor://C:\Systems\System\Logs] index = MyIndex disabled = 0 _TCP_ROUTING = my_config But my Universal Forwarder won't look up inside the folders that I have inside the Logs directory. Question 1: Is there a way to config a "global stanza setting" so the Universal Forwarder will look for every new event inside all of the folders or I will have to work with the hard way, configuring each and every folder with a new monitor stanza? Question 2: Is there a way to automate whenever we turn to the next month or next year so I won't have to go back and configure all the stanzas with the current year/month that we are? In terms of troubleshooting, I've already restarted the service and I have connectivity with the Splunk destination. Thank you in advance!
... View more