Archive

Can SPLUNK handle circular logs?

Path Finder

I have a series of logs being written by a custom application and the size of the log files is static, and when the application reaches the bottom of the log file it begins writing again from the top. If I point SPLUNK at one of these logs, will it realize that the log has started at the top again?

Tags (1)

Splunk Employee
Splunk Employee

It will realize that the file has changed and reindex the entire file again. It your goal is to allocate a max size that the logs would take why don't you use some sort of log rotating utility (obviously your application needs to play nice with the log rotating util)