Organizations may implement the rolling of log files on a periodic basis. This could be daily, weekly or any frequency. One scenario that can happen is where Splunk does not realize that the rolled log file has new data and does not ingest as desired. It could be a file with the same name or even a separate file. This demo session is a walkthrough of how to troubleshoot ingestion issues and how to calculate and apply the necessary configuration settings to get Splunk rocking and [log] rolling again.
Bitsio
Splunk Consultant
bitsIO Inc.
VP at bitsIO Inc, Community Servant, SplunkTrust MVP and Positive Enabler
I was born and raised in Ireland and have been living around London in the UK for the past 27 years. Discovering Splunk in 2012 was life changing for me in so many ways. Ever since, I have been blessed with an amazing action packed Splunk journey as a customer at times, a partner at times, an EDU trainer at times and a community servant always. I started the Splunk User Group London in 2013 and in 2021 founded ‘Study Club for Splunk’ with Tony Reinke and Suman Gajavelly. I have been further blessed to speak at .conf on several occasions. Helping individuals and organisations around the world on a voluntary basis, including good causes is a passion. I am totally committed to our amazing Splunk community and following on from this, have been a member of SplunkTrust since 2015. I am here for you.
Leader, Fort Worth Splunk User Group
bitsIO
Co-Leader
