I have a need to ingest logs from multiple computers where the filename is always the same. I seem to be running into an issue (with file input) where, after the first file is ingested, follow-up files are ignored because they have the same name. How can I effectively disable (or genuinely disable) the sincedb function of the file input, or is there a better method to accomplish this? This is running on a Windows OS, and setting sincedb to /null ended up creating a file called null at the root of the drive. I intend to deploy a script that manually forces a process to occur on a remote machine, collects the log file, and then puts it in the file ingest folder.