Re: For inputs.conf, can the time_before_close set...

actionabledata · ‎01-21-2021

Follow on question to https://community.splunk.com/t5/Getting-Data-In/Can-batch-read-a-partial-file-such-that-the-of-event...

[Q] For inputs.conf, can the time_before_close setting be used with [batch]?

The inputs.conf file specifically indicates which [monitor] settings are compatible with [batch] and this setting is not included.

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf

From inputs.conf

 The following settings work identically as for [monitor::] stanzas,
 documented above
host_regex = <regular expression>
host_segment = <integer>
crcSalt = <string>
recursive = <boolean>
whitelist = <regular expression>
blacklist = <regular expression>
initCrcLength = <integer>

splunkyj · ‎03-20-2023

This is no longer the case. See https://docs.splunk.com/Documentation/Splunk/latest/admin/Inputsconf

# The following settings work identically as for [monitor::] stanzas,
# documented previously
host_regex = <regular expression>
host_segment = <integer>
crcSalt = <string>
recursive = <boolean>
whitelist = <regular expression>
blacklist = <regular expression>
initCrcLength = <integer>
time_before_close = <integer>

For inputs.conf, can the time_before_close setting be used with [batch]?

inputs.conf

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Are you a member of the Splunk Community?

For inputs.conf, can the time_before_close setting be used with [batch]?

inputs.conf

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management