I am using Splunk 4.2 and would like to know if .7z files can be indexed?
I have attempted to index .7z files via the below steps, but have been unsuccessful:
Thank you for any direction that can be given!
No. Splunk has configurations for gzip, bz2, and compress files, among others, but not 7z. You could probably add support for that if you choose and install a command-line decompressor with streaming decompression by mimicking the configuration for tgz files.
No. Splunk has configurations for gzip, bz2, and compress files, among others, but not 7z. You could probably add support for that if you choose and install a command-line decompressor with streaming decompression by mimicking the configuration for tgz files.
Thanks for the prompt response! I may just end up having to stick with ZIP files, instead of 7z files then.
If I were to attempt support of 7z files, where would I go to get more info on mimicking the tgz configuration/setup?
Thanks!