The "active-only" feature doesn't seem to work in Splunk 4.3:
# splunk add monitor /var/log/messages -active-only true
In handler 'monitor': Argument "eatonlylivefiles" is not supported by this handler.
It's still listed as a feature in "splunk help add" and at http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesanddirectoriesusingtheCLI.
Has the feature been removed (and if so, is there a reason why it's no longer useful)? Or is this a bug?
... View more