Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

getting file logs

henrytran
Engager
‎08-12-2020 01:59 PM

Hello,

I am working on getting the logs into a dashboard. Files are sitting in the source a 2 minutes and will be moved to another server after 2 minutes time frame. my concern is if there is a script pull the logs within the time frame.

Thanks in advance

 

Henry

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-13-2020 10:11 AM

Hi @henrytran,

I think that an UF can read 50,000 linea in 2.5 minutes, but to be sure, you can do a test.

If your UF is too slow, you can copy the files in another folder, use it for reading and delete files after, but I don't think that's necessary.

Ciao.

Giuseppe

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎08-13-2020 01:42 AM

Hi @henrytran,

if you have a Universal Forwarder on the server where files are stored, it reads the logs every 30 second (by default but it's configurable), so your files are read before they move.

So you don't need a script.

A script could help if your cannot install a UF on that server, but this isn't a Splunk question, it's a Linux question.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

henrytran
Engager
‎08-13-2020 09:28 AM

I am clarifying that how quick the Universal Forwarder reads the files? because I am concerning about 2 minutes limitation in reading 500 files or 50,000 files.

Thank you for responding to my questions.

 

Henry T

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-13-2020 10:11 AM

Hi @henrytran,

I think that an UF can read 50,000 linea in 2.5 minutes, but to be sure, you can do a test.

If your UF is too slow, you can copy the files in another folder, use it for reading and delete files after, but I don't think that's necessary.

Ciao.

Giuseppe

 

0 Karma
Reply
Solved! Jump to solution

henrytran
Engager
‎08-14-2020 08:41 AM

I appreciate it for your responses.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...