Getting Data In

Will Splunk ingest a TAR file with a .diag extension?

dbcase
Motivator

Hi,

I know Splunk will injest a TAR (and other types) file, my question is what if the file extension is NOT *.tar or *.TGZ? In this case the extension is *.diag and there will be 200+ individual files per day so manually renaming them isn't a viable option.

0 Karma
1 Solution

DarthDMader
Explorer

Hi

uncompressed tar files with suffix .diag are working
compressed tar files with suffix .diag are NOT working

following error message occurs in splunkd.log when it's gziped:
11-10-2016 09:50:12.793 +0100 WARN FileClassifierManager - The file '/opt/splunk/blub.diag' is invalid. Reason: binary

Kind Regards
Darth

View solution in original post

0 Karma

DarthDMader
Explorer

Hi

uncompressed tar files with suffix .diag are working
compressed tar files with suffix .diag are NOT working

following error message occurs in splunkd.log when it's gziped:
11-10-2016 09:50:12.793 +0100 WARN FileClassifierManager - The file '/opt/splunk/blub.diag' is invalid. Reason: binary

Kind Regards
Darth

0 Karma

dbcase
Motivator

Sorry I should have been more clear. The *.diag file is a tar file, it just doesn't have the tar extension.

0 Karma
Get Updates on the Splunk Community!

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Last month, I met with a Senior Fraud Analyst at a nationally recognized bank to discuss their recent success ...

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

What has been announced?  In the blog, “Preparing your Splunk Environment for OpensSSL3,”we announced the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...

This month, we’re delivering several platform, infrastructure, application and digital experience monitoring ...