Re: how to set the log size limit

johnsmithcy · ‎01-23-2019

how to set the log size limit? how to make automatic deletion for the log collected

woodcock · ‎01-27-2019

You can set the maximum event size with the TRUNCATE setting.

mayurr98 · ‎01-24-2019

Hi

well it is possible, you can configure index size limit as the logs are stored in indexes.
have a look at this doc:
https://docs.splunk.com/Documentation/Splunk/7.2.3/Indexer/Configureindexstoragesize

let me know if it helps!

dkeck · ‎01-23-2019

Hi,
In this log have a look at batch inputs. A batch input will delete the file you want to read afterwards.

What do you mean by log size? Are ww talking boit a splunk log like splunkd.log? Or are you referring to a log you want to monitor?

    [batch://<path>] 
    move_policy = sinkhole 
    <attrbute1> = <val1> 
    <attrbute2> = <val2>

johnsmithcy · ‎01-23-2019

referring to the log I want to monitor

dkeck · ‎01-23-2019

HI,

I think that depends on what you want to log. Why do you want to set the size?

Did you try batch:// input?

johnsmithcy · ‎01-23-2019

where is batch://input
I afraid the log size would be too big

dkeck · ‎01-23-2019

HI, splunk can handle logs with big size too. Depends more on your queue size and your network, how fast it will ingest the data.

You are monitoring with a universal forwarder?

You can set the batch input your self, in any inputs.conf in $SPLUNK_HOME/splunk/etc/apps

just create a new app with a local folder and within the local folder create an inputs.conf.

Then paste the code I gave you above and replace ://path with your file path. Then restart splunk.

dkeck · ‎01-27-2019

Was this helpfull?

how to set the log size limit