Observed that the size of file is different compar...

Getting Data In

Hi,

I have pushed a data from a file into Splunk.
The size of the file is 94921b but when I pushed into Splunk, the size of the index from _internal is 90965b.
The index I have used to push the data is a brand new index created.

This is how I compared between the size of file and size of index in Splunk

I have created a log file which is 94921b in size. I used stat log_100kb.log
Results
File: 'log_100kb.log'
Size: 94921 Blocks: 200 IO Block: 32768 regular file

I pushed this log file using Opentelemetry to Splunk.
I used "index=_internal source=*license_usage.log type="Usage"" to check on the size of the data being pushed into that the index I have created.
Results from the _internal index
07-11-2023 01:51:44.679 -0700 INFO LicenseUsage - type=Usage s="http:100kb_logs" idx="100kb_logs" b=90965 .......

May I know why is the size different between the file and the index, please?

Thank you.

Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Are you a member of the Splunk Community?