Getting Data In
Highlighted

Where is the default value of time_before_close property defined in splunk?

Path Finder

I could not find this property under $SPLUNK_HOME$/system/default/inputs.conf

timebeforeclose =
* The amount of time, in seconds, that the file monitor must wait for
modifications before closing a file after reaching an End-of-File
(EOF) marker.
* Tells the input not to close files that have been updated in the
past 'timebeforeclose' seconds.
* Default: 3.

0 Karma

Re: Where is the default value of time_before_close property defined in splunk?

SplunkTrust
SplunkTrust

Hi @iparitosh,

The default value is defined in the documentation here as 3 seconds :
https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf

I ran a search on all .conf files and it's not defined there as well. It should be hard coded somewhere in the core configuration as this parameter is a core functionality for the monitoring stanza in inputs.conf.

Cheers,
David

View solution in original post