but in this time I think its worthless because the crcSalt is the same of the whole. Yes, using symlink i said before the trick is done but it's a very frusrating job, when 1) you do not access the systems directly and works only in Deployment 2) sources and paths are.many and more then.1. There is an nf in SPLUNKHOME/etc/apps/SA-ITOA/default. crcSalt SHOULD do this work, like documentaton SAYS! Very bad for a product like Splunk. If you have two stanzas that reference the same group of files, Splunk uses crcSalt to determine if it has read a particular file previously to prevent double ingestion (as in the case if you have symlinked files/folders, by default it will NOT ingest the file if it sees it has encountered it previously). The source is a fortigate I have 4 nodes, 3 work perfectly and 1 is the. So far I found the parameters crcSalt and initCrcLength, but not sure how to use them correctly. Heres the stanza: Windows Log Processor monitor://C:UsersuserDesktopICTExports.csv disabled false crcSalt
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |