Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there any way we can control logs generation time?

VijayA
Explorer
‎04-11-2023 02:20 AM

Hi, Can you advise on my Query.

Splunk Universal Forwarder installed on client machine, the are generating log files for every 2hrs, is there any way we can control there logs generation time? can we set anything in UF to generate log files for every 30mins and push to Indexer?

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎04-11-2023 03:24 AM

Hi @VijayA,

as I said, Splunk continously checks the presence of new logs and reads and sent them.

What's the problem for this behavior?

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

VijayA
Explorer
‎04-11-2023 03:39 AM

Hi,

NO problem from Splunk side, I'm comparing 2 logs from different servers, both are coming to Splunk in different times, not able to extract the correct results. Hence, checking if there any possibility to control.

Thanks for your inputs! 

0 Karma
Reply
Solved! Jump to solution

VijayA
Explorer
‎04-11-2023 03:10 AM

Hi,

You mean, we can't control the frequency of sending logs from UF to Index, like for every 30mins? 

I have no issues with bandwidth occupation,  only I want to know is can we set any time frequency to send logs. 

 

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎04-11-2023 03:24 AM

Hi @VijayA,

as I said, Splunk continously checks the presence of new logs and reads and sent them.

What's the problem for this behavior?

Ciao.

Giuseppe

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎04-11-2023 02:57 AM

Hi @VijayA,

Splunk reads and immediately sends files when they are generated, the generation frequency hasn't inpact one the UF activity.

If you want to limit the bandwidth occupation of your data, you can setup a limit of the dimension of the data packets sent by the UF, but you don't need any intervene on the frequency.

ciao.

Giuseppe

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...