All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What is the use of batch and move_policy = sinkhole?

VijaySrrie
Builder
‎09-01-2022 07:12 AM

Hi All,

What is the use of 

move_policy = sinkhole

and on which scenario we will use batch (Batch will index the file and delete but in which application or server this should be used?) 

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-01-2022 07:25 AM

The move_policy setting is required with a batch input as a way of making sure the admin understands what he or she is doing.  A batch input might be used to index a file that will not be updated.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

VijaySrrie
Builder
‎09-04-2022 06:30 PM

what happens when move_policy setting is not given in the batch config?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-05-2022 06:44 AM

I believe the batch input will be ignored if move_policy is missing.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2023 Splunk Career Impact Report

We’ve been shouting it from the rooftops! The findings from the 2023 Splunk Career Impact Report showing that ...

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...