Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Parallel data monitor/transmission - inputs.conf precedence

rgaleone1
Path Finder
‎12-17-2013 10:03 AM

Splunk:

Indexer <- series of tubes -> Forwarder

App:

fwdtosplunk/default/inputs.conf
[monitor:///path1/]
[monitor:///path2/]

Question: 

Both path1 are path2 are large directories. Will the Forwarder need to completely send all data in path1 before beginning to sending data from path2?
0 Karma
Reply

kristian_kolb
Ultra Champion
‎12-17-2013 12:23 PM

The TailingProcessor, which is 'responsible' for checking which files have been updated (or are unread), used to be a single-threaded process in v5 (don't know if that has changed). Unless I'm much mistaken, that probably means that it would handle the input files sequentially.

However, if not all of those files are being updated (i.e. it's an archive of ooold files), you would only see this problem the first time you're indexing the files. Also, if it is an archive of old files that you DON'T want to be indexed, you could set the ignoreOlderThan parameter in inputs.conf or move the old files away to some other directory (don't put them in subdirectory, unless you also set recurse=false for that input. 🙂

Hope this helps a little,

K

Reply
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...