I am working with an OMS setup where Custom Log ingestion has been setup. This is working fine for the most part, but occasionally the Custom Log data stops transmitting to OMS. During these times it has been verified that data is still being written to the log on the VM (the client has viewed and verified this) and the MMA heartbeat still occurs (verified via a Log Analytics query), just none of the Custom Log data is being transmitted. When the agent is restarted, data transmission starts working again.
Where should we begin troubleshooting this? I assumed that MMA logs INFO, ERROR and WARNING details in the Event Viewer, but I was not able to locate the details in Event Viewer. I also looked into the installation folder to see if a log file was generated there, but to no avail. Any help pointing to where we could look to troubleshoot this would be appreciated!
To add more context to this issue, the agent seems to be able to transmit other OMS solution based data to OMS at normal intervals, so it may be an issue with this custom log.
One weird thing is that the client is saying the file is updated every five minutes, however the Date Modified timestamp for the file in Windows does not update throughout the day (not sure how that happens, but asking the client to verify). What triggers the Microsoft Monitoring Agent to recognize a file has been updated and to transmit data to OMS (is it that the Date Modified timestamp has changed, or is some kind of checksum calculation performed to recognize new data has been added)? Or does MMA simply stream anything new it sees in the log every 5 minutes regardless of if the Date Modified timestamp has changed or not.