Hi,
I've been around this issue for so many hours. I have a log folder that I am monitoring:
[monitor://xxxxx\log]
index=monitor2015
whitelist = SCCObjMgr_enu.*\.log$
blacklist = .(filepart)$
sourcetype=Filter2015
_TCP_ROUTING=CENTOS703_30000
time_before_close = 45
multiline_event_extra_waittime = true
recursive=false
While I am using the app which puts the logs in the folder, all events appear ONCE.
A few seconds after I finish my session (and the file is closed definitely), all my data gets DUPLICATED on the index.
Any ideas?
Thanks!
↧