All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can SPLUNK handle circular logs?

conner9
Path Finder
‎04-29-2011 12:35 PM

I have a series of logs being written by a custom application and the size of the log files is static, and when the application reaches the bottom of the log file it begins writing again from the top. If I point SPLUNK at one of these logs, will it realize that the log has started at the top again?

Tags (1)
Reply

Ledion_Bitincka
Splunk Employee
Splunk Employee
‎04-29-2011 12:45 PM

It will realize that the file has changed and reindex the entire file again. It your goal is to allocate a max size that the logs would take why don't you use some sort of log rotating utility (obviously your application needs to play nice with the log rotating util)

Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...