Solved: Re: Upload large file

mwdbhyat · ‎09-07-2016

Hi,

How does one upload files larger than 500mb? I get an error "File too large. The file selected is 996Mb. Maximum file size is 500Mb" Is this due to using the trial ?

Thanks

somesoni2 · ‎09-07-2016

The 500MB limit is for uploading file from Splunk Web, regardless of the license type.

http://docs.splunk.com/Documentation/Splunk/6.4.3/Data/Uploaddata

View solution in original post

dbcase · ‎09-07-2016

I've had the same problem. You can use the Linux SPLIT command to break the file up into smaller parts

http://askubuntu.com/questions/54579/how-to-split-larger-files-into-smaller-parts

ChrisG · ‎09-07-2016

Yes, both the trial and free licenses have an indexing limit of 500MB a day. For file upload on any license, the maximum file size is 500 MB, as the UI indicates.

somesoni2 · ‎09-07-2016

The 500MB limit is for uploading file from Splunk Web, regardless of the license type.

http://docs.splunk.com/Documentation/Splunk/6.4.3/Data/Uploaddata

mwdbhyat · ‎09-07-2016

Thanks - Is there a way around this without using the Web, not splitting the file ?

dbcase · ‎09-07-2016

I don't think so but you could try using the universal forwarder instead of uploading the file

dbcase · ‎09-07-2016

Is it possible to zip the file so it is less than 500MB?

https://answers.splunk.com/answers/279/does-splunk-index-gzip-files.html

mwdbhyat · ‎09-07-2016

Figured it out with the CLI.. did a oneshot monitor. http://docs.splunk.com/Documentation/Splunk/6.4.2/Data/MonitorfilesanddirectoriesusingtheCLI

dbcase · ‎09-07-2016

Ah good to know, haven't used that before

Upload large file

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!