Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- Splunk Development
- :
- Splunk Dev
- :
- Data upload to spool is truncated
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm using powershell to get a web page in order to keep track my service status.
I tested my script which can write the whole page into local file without problem.
Then I changed to write it to $SPLUNK_HOME/var/spool/splunk
However, I found from Splunk search it always only captured the first few lines in HTML before the
Can anyone tell there's any setting affecting spool indexing behavior?
Thanks!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you need to blast a few files into splunk using a script, then just use add oneshot:
https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/MonitorfilesanddirectoriesusingtheCLI
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you need to blast a few files into splunk using a script, then just use add oneshot:
https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/MonitorfilesanddirectoriesusingtheCLI
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I should go for [batch://] indeed.
Thank you for your advice!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, that will delete after sending, if you configure it properly.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why would you ever write to $SPLUNK_HOME at all, especially var? Please point us to splunk docs that describes the way you are using this directory (which so far as I know is for internal use regarding primarily summary indexing).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I thought writing file to spool is the easiest way if I don't want to keep the file after indexing. Ok, seems I shouldn't use without good knowledge.
There is another story about powershell... I initially wanted to get the page through stdin/out. I failed to, so I wrote the html content into file first
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Maybe it is a thing now. Show the the docs page.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @philip_w, did a portion of your post get cut off? This part: "However, I found from Splunk search it always only captured the first few lines in HTML before the" You can edit your post by pressing the gear icon to the top right of the post.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
