Getting Data In

Will Splunk ingest a TAR file with a .diag extension?

dbcase
Motivator

Hi,

I know Splunk will injest a TAR (and other types) file, my question is what if the file extension is NOT *.tar or *.TGZ? In this case the extension is *.diag and there will be 200+ individual files per day so manually renaming them isn't a viable option.

0 Karma
1 Solution

DarthDMader
Explorer

Hi

uncompressed tar files with suffix .diag are working
compressed tar files with suffix .diag are NOT working

following error message occurs in splunkd.log when it's gziped:
11-10-2016 09:50:12.793 +0100 WARN FileClassifierManager - The file '/opt/splunk/blub.diag' is invalid. Reason: binary

Kind Regards
Darth

View solution in original post

0 Karma

DarthDMader
Explorer

Hi

uncompressed tar files with suffix .diag are working
compressed tar files with suffix .diag are NOT working

following error message occurs in splunkd.log when it's gziped:
11-10-2016 09:50:12.793 +0100 WARN FileClassifierManager - The file '/opt/splunk/blub.diag' is invalid. Reason: binary

Kind Regards
Darth

0 Karma

dbcase
Motivator

Sorry I should have been more clear. The *.diag file is a tar file, it just doesn't have the tar extension.

0 Karma
Get Updates on the Splunk Community!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Index This | What goes away as soon as you talk about it?

May 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...

What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025

This month, we’re delivering several new innovations in Splunk Observability Cloud and Splunk AppDynamics ...