I have a remote server which has 1 week older rolling logs. I wanted to monitor those logs so I have installed UF and set up inputs.conf. The newly created logs are showing up on Splunk search, but I am not able to search those 1week older files. Below is my inputs.conf. Is there any other way that I can import that logs to the same source type, same index and from the same host. Thank you
Splunk: 6.6.3
[monitor://D:\xxx*.log]
disabled = false
sourcetype = AAA
ignoreOlderThan = 7d
↧