Using the universal forwarder, I need to monitor multiple directories in separate parts of the filesystem.
Specifically (obfuscated so as not to identify our customer):
[monitor:///var/log]
[monitor:///home//logs]
It seems that multiple monitor stanzas are not working (at least our customer is reporting that the second monitor stanza is not forwarding any files to their Splunk instance).
Is there a workable solution?