I am using the "Upload a File" option to input OLD event logs.... VERY SLOW TASK !!!!
According to the doco,
"Use the batch input type in inputs.conf to load files once and destructively. By default, Splunk's batch processor is located in $SPLUNK_HOME/var/spool/splunk. If you move a file into this directory, Splunk indexes it and then deletes it."
I tried copying a .evt file here but it's not working ????
Is there something else that needs to be done ????
Thanks