We are getting logs from an application called Appsense. We are using custom parser for collecting the logs. We are seeing an unusual thing in the logs. for example in the details section, the field says
Fisrt time: 05/23/17 15.30 LAst Time : 05/23/17 2.30 .
What can be the reason. Is there any issue with the parser. What is the last time signifies here.
Please help me here
The logs are being pulled as by a file reader receiver. The logs are being dumped by the application in a shared folder and receiver collects by CIFS pull.Right now, we are not receiving logs at all from this application, though we can see logs being written to the shared folder.
We have checked the receiver config lso which seems to be fine. Can anyone please advise what can be the issue.
Is the CIFSs credential still valid? Maybe the bookmark file is corrupted, which you can try to disable and re-enable the data source again or create a new one to reset the bookmark file?
That seems to be a good idea.Since this is a CIFS share, where can I check the bookmark file. I just checked the expiry date for the service account that we are using for fetching the logs and it is set to never expire.Some changes were made to the acct, but the issue had started much before that.
when you say diable and re-enable the data source, do you mean reconfiguring the data source all over again?
Thanks you so much for your help.
WMI data sources have bookmarks, syslog doesn't I think. I believe CIFS type also got one, so it knows where left off last time. Yeah, uncheck parsing and logging, write out, and re-enable parsing again.