Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Data upload to spool is truncated

philip_w
Explorer
‎09-11-2017 04:33 PM

I'm using powershell to get a web page in order to keep track my service status.
I tested my script which can write the whole page into local file without problem.
Then I changed to write it to $SPLUNK_HOME/var/spool/splunk

However, I found from Splunk search it always only captured the first few lines in HTML before the

Can anyone tell there's any setting affecting spool indexing behavior?

Thanks!!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎09-11-2017 05:22 PM

If you need to blast a few files into splunk using a script, then just use add oneshot:

https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/MonitorfilesanddirectoriesusingtheCLI

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎09-11-2017 05:22 PM

If you need to blast a few files into splunk using a script, then just use add oneshot:

https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/MonitorfilesanddirectoriesusingtheCLI

0 Karma
Reply
Solved! Jump to solution

philip_w
Explorer
‎09-11-2017 05:29 PM

I should go for [batch://] indeed.

Thank you for your advice!

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎09-11-2017 05:33 PM

Yes, that will delete after sending, if you configure it properly.

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎09-11-2017 05:13 PM

Why would you ever write to $SPLUNK_HOME at all, especially var? Please point us to splunk docs that describes the way you are using this directory (which so far as I know is for internal use regarding primarily summary indexing).

0 Karma
Reply
Solved! Jump to solution

philip_w
Explorer
‎09-11-2017 05:19 PM

I thought writing file to spool is the easiest way if I don't want to keep the file after indexing. Ok, seems I shouldn't use without good knowledge.

There is another story about powershell... I initially wanted to get the page through stdin/out. I failed to, so I wrote the html content into file first

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎09-11-2017 05:21 PM

Maybe it is a thing now. Show the the docs page.

0 Karma
Reply
Solved! Jump to solution

lfedak_splunk
Splunk Employee
Splunk Employee
‎09-11-2017 04:51 PM

Hey @philip_w, did a portion of your post get cut off? This part: "However, I found from Splunk search it always only captured the first few lines in HTML before the" You can edit your post by pressing the gear icon to the top right of the post.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...