Getting Data In

Will Splunk ingest a TAR file with a .diag extension?

dbcase
Motivator

Hi,

I know Splunk will injest a TAR (and other types) file, my question is what if the file extension is NOT *.tar or *.TGZ? In this case the extension is *.diag and there will be 200+ individual files per day so manually renaming them isn't a viable option.

0 Karma
1 Solution

DarthDMader
Explorer

Hi

uncompressed tar files with suffix .diag are working
compressed tar files with suffix .diag are NOT working

following error message occurs in splunkd.log when it's gziped:
11-10-2016 09:50:12.793 +0100 WARN FileClassifierManager - The file '/opt/splunk/blub.diag' is invalid. Reason: binary

Kind Regards
Darth

View solution in original post

0 Karma

DarthDMader
Explorer

Hi

uncompressed tar files with suffix .diag are working
compressed tar files with suffix .diag are NOT working

following error message occurs in splunkd.log when it's gziped:
11-10-2016 09:50:12.793 +0100 WARN FileClassifierManager - The file '/opt/splunk/blub.diag' is invalid. Reason: binary

Kind Regards
Darth

0 Karma

dbcase
Motivator

Sorry I should have been more clear. The *.diag file is a tar file, it just doesn't have the tar extension.

0 Karma
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...