Re: For inputs.conf, can the time_before_close set...

actionabledata · ‎01-21-2021

Follow on question to https://community.splunk.com/t5/Getting-Data-In/Can-batch-read-a-partial-file-such-that-the-of-event...

[Q] For inputs.conf, can the time_before_close setting be used with [batch]?

The inputs.conf file specifically indicates which [monitor] settings are compatible with [batch] and this setting is not included.

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf

From inputs.conf

 The following settings work identically as for [monitor::] stanzas,
 documented above
host_regex = <regular expression>
host_segment = <integer>
crcSalt = <string>
recursive = <boolean>
whitelist = <regular expression>
blacklist = <regular expression>
initCrcLength = <integer>

splunkyj · ‎03-20-2023

This is no longer the case. See https://docs.splunk.com/Documentation/Splunk/latest/admin/Inputsconf

# The following settings work identically as for [monitor::] stanzas,
# documented previously
host_regex = <regular expression>
host_segment = <integer>
crcSalt = <string>
recursive = <boolean>
whitelist = <regular expression>
blacklist = <regular expression>
initCrcLength = <integer>
time_before_close = <integer>

For inputs.conf, can the time_before_close setting be used with [batch]?

inputs.conf

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation