- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I know Splunk will injest a TAR (and other types) file, my question is what if the file extension is NOT *.tar or *.TGZ? In this case the extension is *.diag and there will be 200+ individual files per day so manually renaming them isn't a viable option.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
uncompressed tar files with suffix .diag are working
compressed tar files with suffix .diag are NOT working
following error message occurs in splunkd.log when it's gziped:
11-10-2016 09:50:12.793 +0100 WARN FileClassifierManager - The file '/opt/splunk/blub.diag' is invalid. Reason: binary
Kind Regards
Darth
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
uncompressed tar files with suffix .diag are working
compressed tar files with suffix .diag are NOT working
following error message occurs in splunkd.log when it's gziped:
11-10-2016 09:50:12.793 +0100 WARN FileClassifierManager - The file '/opt/splunk/blub.diag' is invalid. Reason: binary
Kind Regards
Darth
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry I should have been more clear. The *.diag file is a tar file, it just doesn't have the tar extension.
