I am just getting this started and trying to figure out why it is not bringing in events. I have the inputs.conf file on the local box that splunk is running on just for a test.
In that file I have [fschange:/opt/Tivoli]
Save the file, restart splunk. It should be getting sent to the main index by default if I read correctly. Files are getting changed in one of the subdirectories but nothing is coming in from them.
Am I missing a bit of a config thing?
Thanks!