Closed guilhemmarchand closed 4 months ago
User reported via contact@trackme-solutions.com:
hi, Got a bit of bug fix for you. Splunk was rolling trackme log files for some reason (or perhaps it was some parallel processing thing) so was getting file names like: trackme_tracker_health.log.1 trackme_tracker_health.log.2 in the vars folder. The settings in your props.conf file didn't pick these up so the sourcetype and other settings not being applied by splunk. I had to alter the settings in props.conf to have a * at the end of each log file specification. e.g., [source::...trackme_tracker_health.log*] [source::...trackme_rest_api.log*] Which seemed to fix things. Thought it would be handy to get into your source so I can delete my changes on next update. regards derek
hi, Got a bit of bug fix for you. Splunk was rolling trackme log files for some reason (or perhaps it was some parallel processing thing) so was getting file names like:
trackme_tracker_health.log.1 trackme_tracker_health.log.2
in the vars folder. The settings in your props.conf file didn't pick these up so the sourcetype and other settings not being applied by splunk.
I had to alter the settings in props.conf to have a * at the end of each log file specification. e.g.,
[source::...trackme_tracker_health.log*]
[source::...trackme_rest_api.log*]
Which seemed to fix things. Thought it would be handy to get into your source so I can delete my changes on next update.
regards
derek
User reported via contact@trackme-solutions.com: