Hi,
We are trying to get DNS logs into Splunk. Logs are generated in a .txt file and the goal is to use Splunk Forwarder to parse and Index these. After creating the `[monitor: .. ]` stanza under inputs.conf, we still do not see Splunk getting the logs from that file. To test, I replicated a similar file setup on my local desktop.
File location: `C:\DNS logs\DNS_log.txt`
**Inputs.conf**
[monitor://C:\DNS logs\DNS_log.txt]
disabled = false
sourcetype = win_dns
**From splunkd.log:**
09-21-2016 11:03:28.886 -0400 INFO TailingProcessor - Parsing configuration stanza: monitor://C:\DNS logs\DNS_log.txt.
09-21-2016 11:03:28.886 -0400 INFO TailingProcessor - Adding watch on path: C:\DNS logs\DNS_log.txt.
**From inputstatus:**
![alt text][1]
[1]: /storage/temp/160249-inputstatus-dns.png
What could be going wrong in this setup?
Thanks,
~ Abhi
↧