The version of SUSE Linux I'm using has been compressing my logs with xz (by default) rather than gzip or bzip2. As such, when I added the log directory into splunk, there's a large gap where those files couldn't be parsed. I can go through and unxz all of the logs and use bzip2 to compress them, and change logrotate to use bzip2 instead of xz, but I do like that xz achieves higher compression ratios than bzip2. I'm assuming that the decompression algorithms supported by splunk are hard-coded, but I thought I'd ask if it's something I can modify on my end to add support for that file type. If not, is this something that is being considered for a future release? ... View more