All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

estreamer 4.09 causing large knowledge bundles

rsanders30
Path Finder
‎01-07-2021 08:19 AM

Happy New Year to all. I am trying to resolve some of the issues I'm coming across with estreamer/encore add-on 4.09. After installing, I've noticed some issues. The main one is the app is causing the knowledge bundle ($SPLUNK\var\run\*.bundle) to fill up (19GB). My current config is set to the default ~2GB. Eventually, the estreamer will stop and I'll stop receiving updates. This didn't happen in the previous versions. I did try to blacklist the data folder in the encore add-on app to not allow it to be bundled, but no luck. 

Anyone having similar issues? 

Labels (3)
0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...