I have a few files (containing syslog events) in my Hadoop HDFS compressed using Snappy, and I configured Splunk to read that data using the virtual indexes.
Without compression, the events appear fine, but with compression, the encoding is all over the place. I was wondering if virtual indexes can be configured to decompress and read snappy files properly.
I'm not an experienced Splunk user, and I apologize if I used some terminologies erroneously.