Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

ignoreOlderThan Invalid for batch input

ips_mandar
Builder
‎09-13-2019 05:36 AM

Does ignoreOlderThanstanza in inputs.conf is Invalid for batch input?
I am getting error as-"Invalid key in stanza"

[batch:\\D:\...\*.zip]
move_policy = sinkhole
index=abc
ignoreOlderThan = 72h
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

solarboyz1
Builder
‎09-13-2019 05:56 AM

A batch input does destructive reads of the files, so its not expecting older files to be in that location.
Which is why ignoreOlderThan isn`t listed as a valid option for a batch input:

https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Inputsconf#BATCH_.28.22Upload_a_file.22_in_...

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

solarboyz1
Builder
‎09-13-2019 05:56 AM

A batch input does destructive reads of the files, so its not expecting older files to be in that location.
Which is why ignoreOlderThan isn`t listed as a valid option for a batch input:

https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Inputsconf#BATCH_.28.22Upload_a_file.22_in_...

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...