A customer is using regex to whitelist access logs and secure logs from a web server, but only the access logs are being ingested. Which troubleshooting resource would provide insight into why the secure logs are not being ingested?
To troubleshoot why the secure logs are not being ingested, TailingProcessor is the appropriate resource. It shows the status of files being monitored and processed by the system, which helps identify issues with file ingestion.
TailingProcessor shows monitored (tailed) files
Should be "D"
Ans is D
D, TailingProcessor. You should have covered this in Core Implementation and used it in the labs.
D is correct
More examples https://docs.splunk.com/Documentation/Splunk/8.1.1/Data/Troubleshoottheinputprocess
TailingProcessor is used to show files being processed https://community.splunk.com/t5/Getting-Data-In/How-to-find-status-of-files-being-monitored/m-p/136792