Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

ignoreOlderThan Invalid for batch input

ips_mandar
Builder
‎09-13-2019 05:36 AM

Does ignoreOlderThanstanza in inputs.conf is Invalid for batch input?
I am getting error as-"Invalid key in stanza"

[batch:\\D:\...\*.zip]
move_policy = sinkhole
index=abc
ignoreOlderThan = 72h
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

solarboyz1
Builder
‎09-13-2019 05:56 AM

A batch input does destructive reads of the files, so its not expecting older files to be in that location.
Which is why ignoreOlderThan isn`t listed as a valid option for a batch input:

https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Inputsconf#BATCH_.28.22Upload_a_file.22_in_...

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

solarboyz1
Builder
‎09-13-2019 05:56 AM

A batch input does destructive reads of the files, so its not expecting older files to be in that location.
Which is why ignoreOlderThan isn`t listed as a valid option for a batch input:

https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Inputsconf#BATCH_.28.22Upload_a_file.22_in_...

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...