I have a server where logs are generated on daily basis in this format- /ABC/DEF/XYZ/xyz17012022.zip      /ABC/DEF/XYZ/xyz16012022.zip            /ABC/DEF/XYZ/xyz15012022.zip OR  /ABC/DEF/RST/rst17012022.gz      /ABC/DEF/RST/rst16012022.gz               /ABC/DEF/RST/rst15012022.gz   I am getting this error , every time when i am indexing the .gz, .tar or .zip  file - "updated less than 10000ms ago, will not read it until it stops changing ; has stopped changing , will read it now." This problem was earlier addressed in this post,  https://community.splunk.com/t5/Developing-for-Splunk-Enterprise/gz-file-not-getting-indexed-in-splu... As suggested I have used " crcSalt = <SOURCE> " but I am still facing similar errors.   inputs.conf:  [monitor:///ABC/DEF/XYZ/xyz*.zip] index= log_critical disabled = false sourcetype= Critical_XYZ ignoreOlderThan = 2d crcSalt = <SOURCE> I am getting this Event in Internal Logs while ingesting the log file     ... View more

I have a server where logs are generated on daily basis in this format- /ABC/DEF/XYZ/xyz17012022.zip      /ABC/DEF/XYZ/xyz16012022.zip            /ABC/DEF/XYZ/xyz15012022.zip OR  /ABC/DEF/RST/rst17012022.gz      /ABC/DEF/RST/rst16012022.gz               /ABC/DEF/RST/rst15012022.gz   I am getting this error , every time when i am indexing the .gz, .tar or .zip  file - "updated less than 10000ms ago, will not read it until it stops changing ; has stopped changing , will read it now." This problem was earlier addressed in this post,  https://community.splunk.com/t5/Developing-for-Splunk-Enterprise/gz-file-not-getting-indexed-in-splunk/td-p/313840 As suggested I have used " crcSalt = <SOURCE> " but I am still facing similar errors.   inputs.conf:  [monitor:///ABC/DEF/XYZ/xyz*.zip] index= log_critical disabled = false sourcetype= Critical_XYZ ignoreOlderThan = 2d crcSalt = <SOURCE>   ... View more