Hi Everyone,
We are injecting data into Splunk using syslog-ng. I verified the data is coming into the heavy forwarder; when I create a data input to index them, I am unable to see the logs getting indexed. As part of troubleshooting, I see the below error in the splunkd.log. Has anyone experienced a similar error before?
11-17-2017 15:53:59.599 -0500 ERROR TailReader - Ignoring path="/var/log/syslog-ng/XXXX/XXXX/XXXX/messages" due to: Invalid indexed extractions configuration - see prior error messages.
TIA