Here's my situation.
I have automated a SQL lookup on a database and output a .csv file every 10 minutes with field names and events within the last 10 minutes, e.g. eventlog-22112012-1410.csv. Each file is copied to a folder on my Splunk server, resulting in an ever-growing list of files that Splunk indexes. The first line of each file contains the fields and the rest of the lines are values.
I have been able to get Splunk to index the files as they grow and it automatically extracts the fields. I have built a nice dashboard based on this data.
I have 4 things I really need to ask:
Questions 3 and 4 are most important for me. I don't want to delete files or add fields and break the dashboards that I've already created. Please help if you can.
Let's see if this helps:
Thank you very much. I'll try these suggestions and see what happens.