![alt text][1]
Attached is an example of the data, I have also extracted the data from the gz files and it was able to import the data fine that way. The stanza for the monitor is
[monitor:///var/akamailogs/prod]
disabled = false
host = Akamai
index = akamaiweblog
sourcetype = access_combined
Am I missing something?
[1]: /storage/temp/269654-2019-02-28-09-28-15-search-splunk-724.png
↧