Hello, I need some help. I have a folder and an app that writes logs in NDJSON format and creates a new log file every 15 minutes. The configuration that I use is this: [monitor:///Users/yotov/app/.logs/.../*.log]
disabled = false
sourcetype = ndjson
crcSalt = <SOURCE>
alwaysOpenFile = 1 The problem is that Splunk Forwarder doesn't detect newly added files. It reads only the files at the start, and detects newly added content in them, but when a new file is added they are ignored until restart of Splunk Forwarder. I'm using the latest version of Splunk Forwarder and tried under Linux and MacOs What am I missing?
... View more