Hi all.
I have built a simple scripted input that grabs XML data over http:
#!/bin/bash
curl http://www.a.com/EN.XML
All works fine BUT Splunk is indexing all events each time it is pinging the file, resulting in duplicate events.
What is the best way to validate the index of events in Splunk against the XML file, so that Splunk only pulls back events that have not already been indexed?
Thanks!