Hi,
brand new user of Splunk here. I'm currently evaluating Splunk enterprise, and need a bit of help understanding why Splunk wont let me monitor a file from IIS called "web.config". I can see the contents of a file called xxxyyyzzz.log from the same server using a forwarder, so there is not a configuration issue on the client itself. My guess it has something to do with the source type, but what? One would think that a file such as web.config would be such a common file that source type "automatic" would be able to work? This file never changes of course, except when when upgrade the system that this file controls. Will save me lots of time if I could see what settings the update destroys for us.
The file I want to see doesn't even show up in "Sources" when trying to search, even though it is entered in the exact same way as the .log file that does show up. What am I doing wrong?
↧