Getting Data In

Will Splunk ingest a TAR file with a .diag extension?

dbcase
Motivator

Hi,

I know Splunk will injest a TAR (and other types) file, my question is what if the file extension is NOT *.tar or *.TGZ? In this case the extension is *.diag and there will be 200+ individual files per day so manually renaming them isn't a viable option.

0 Karma
1 Solution

DarthDMader
Explorer

Hi

uncompressed tar files with suffix .diag are working
compressed tar files with suffix .diag are NOT working

following error message occurs in splunkd.log when it's gziped:
11-10-2016 09:50:12.793 +0100 WARN FileClassifierManager - The file '/opt/splunk/blub.diag' is invalid. Reason: binary

Kind Regards
Darth

View solution in original post

0 Karma

DarthDMader
Explorer

Hi

uncompressed tar files with suffix .diag are working
compressed tar files with suffix .diag are NOT working

following error message occurs in splunkd.log when it's gziped:
11-10-2016 09:50:12.793 +0100 WARN FileClassifierManager - The file '/opt/splunk/blub.diag' is invalid. Reason: binary

Kind Regards
Darth

0 Karma

dbcase
Motivator

Sorry I should have been more clear. The *.diag file is a tar file, it just doesn't have the tar extension.

0 Karma
Get Updates on the Splunk Community!

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...

Splunk Answers Content Calendar, June Edition II

Get ready to dive into Splunk Dashboard panels this week! We'll be tackling common questions around ...

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...