Getting Data In
Highlighted

Where is the default value of time_before_close property defined in splunk?

Path Finder

I could not find this property under $SPLUNK_HOME$/system/default/inputs.conf

timebeforeclose =
* The amount of time, in seconds, that the file monitor must wait for
modifications before closing a file after reaching an End-of-File
(EOF) marker.
* Tells the input not to close files that have been updated in the
past 'timebeforeclose' seconds.
* Default: 3.

0 Karma
Highlighted

Re: Where is the default value of time_before_close property defined in splunk?

SplunkTrust
SplunkTrust

Hi @iparitosh,

The default value is defined in the documentation here as 3 seconds :
https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf

I ran a search on all .conf files and it's not defined there as well. It should be hard coded somewhere in the core configuration as this parameter is a core functionality for the monitoring stanza in inputs.conf.

Cheers,
David

View solution in original post

Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.