Sinkhole Configuration

Engager

I modified the inputs.conf in my /system/local/ to add a batch stanza with sinkhole, hoping that files going to that folder would be consumed destructively. Files are getting indexed; however, they are not getting deleted.

Anything that I have missed?

inputs.conf

[batch:///{path}]
move_policy = sinkhole

Builder

Sounds like this could be a permissions issue. Your splunkd.log should give you more insight.
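
One way to test the permissions theory from the answer above, as an added example that is not part of the original thread or of Splunk's own tooling: on a Unix host, deleting a file requires write and search permission on the containing directory, so an account can read (and index) a file it is not allowed to remove. The function name `can_unlink_in_dir` is hypothetical, and the `splunk` account name in the usage comment is an assumption about how the forwarder or indexer is run.

```shell
#!/bin/sh
# Added example: report whether the mode bits let USER unlink files in DIR.
# Unlinking needs write + search (w and x) on the *directory*; read access to
# the file itself, which is enough for indexing, does not imply it.
# Limits: ignores ACLs and read-only mounts; uid 0 bypasses mode-bit checks.

can_unlink_in_dir() {
    dir=$1 user=$2
    # ls -ldn prints numeric ids: mode, link count, uid, gid, ...
    info=$(ls -ldn "$dir") || return 2
    set -- $info
    mode=$1 d_uid=$3 d_gid=$4
    u_uid=$(id -u "$user") || return 2

    # Pick the permission triplet that applies to USER: owner, group or other.
    if [ "$u_uid" = "$d_uid" ]; then
        bits=$(printf '%s' "$mode" | cut -c2-4)
    elif id -G "$user" | tr ' ' '\n' | grep -qx "$d_gid"; then
        bits=$(printf '%s' "$mode" | cut -c5-7)
    else
        bits=$(printf '%s' "$mode" | cut -c8-10)
    fi

    case $bits in
        ?w[xst]) ;;   # write and search both granted
        *) echo "DENY: $user has '$bits' on $dir, needs w and x"; return 1 ;;
    esac

    # Sticky directory (like /tmp): only the file owner or the directory
    # owner may unlink, even when the directory is writable.
    case $(printf '%s' "$mode" | cut -c10) in
        [tT])
            if [ "$u_uid" != "$d_uid" ]; then
                echo "CHECK: $dir is sticky; $user must own each file"
                return 3
            fi ;;
    esac
    echo "OK: mode bits let $user unlink files in $dir"
}

# Usage (account name is an assumption; use the account splunkd runs as):
#   can_unlink_in_dir /path/to/batch/dir splunk
```

A `DENY` or `CHECK` result for the account that runs splunkd is consistent with files being indexed but left in place.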