I am using a script to poll cloud API for data at frequent intervals. The data is stored in archived *.csv.gz files and a UF installed on the same server is configured to monitor the folder:
sourcetype = data:1
index = data_1
_TCP_ROUTING = primary_indexers_site_1
The problem is that data only get ingested after a restart of the UF Splunk service on the host, and then almost immediately stops. Meaning I have to restart the UF every time I want to get new/current data.
The script does not appear to be the issue because it is constantly pulling new data into the folder as expected.
Anyone seen this before?
... View more