File Monitor sending data irregularly
Options
Radek Filip
Posts: 1 ✭
Hi team, I need help with File Monitor source strange behaviour. Configured FM source (Cribl Stream single instance version 4.0.3) for one log file containing logs from shell backup script running once every day at 7PM. Backup script produces 6 lines/events during its operation. No advanced option used here, manual discovery with allowlist specifying log file name and Collect from end checked. Quick connect through simple pipeline adding metadata (index, sourcetype) and sending events to Splunk single instance destination. This setup works fine most of the time, 6 events read and sent to Splunk every day correctly. But from time to time it happens that at scheduled time not complete content of the log file is read and sent. The remaining lines from one day are then sent and ingested to Splunk together with the events from next run. It happens irregularly. I can not find any single reason for this, any idea?
Original message in Cribl Community Slack Message:https://cribl-community.slack.com/archives/C02A9EQV61J/p1682516004285909
Original message in Cribl Community Slack Message:https://cribl-community.slack.com/archives/C02A9EQV61J/p1682516004285909
0
Answers
-
This seems like an issue that will require a bit more investigation. I would recommend opening a support case.
0
