Hi,
I've uploaded a txt file containing CPU performance data to splunk, set the source type to csv and have created an index. I've been able to generate a report from this.
Data is coming from the txt file correctly under correct index and sourcetype, but the problem is that the file is constantly appended with new data and the appended data doesn't come up until I add the same file again from data inputs and do the same steps again.
Can someone please help on how to get the data indexed in Splunk as soon as the input file gets updated? From my research, I've found that I need to customize the inputs.conf file, but I have no idea where to start.
Your help would be very much appreciated
Thanks
↧
