Organizations may roll log files on a periodic basis: daily, weekly, or at any other frequency. One scenario that can occur is that Splunk does not realize the rolled log file has new data and does not ingest it as desired. The affected file could have the same name or even be a separate file. This demo session is a walkthrough of how to troubleshoot ingestion issues and how to calculate and apply the necessary configuration settings to get Splunk rocking and [log] rolling again.
SplunkTrust MVP, Entrepreneur, Educator, Mentor