syslog files growing out of control.

craigrussell
New Member

How do I deal with large syslog files that keep growing?
Do I just delete them, or is there an automated way of rolling them? I don't want to lose the data or disconnect the hosts sending it.


borisalves
Path Finder

jonuwz
Influencer

sowings
Splunk Employee

Note that in the Splunk context, you probably want the "delaycompress" option, so that rotated log files can be correctly identified, and read to the end of the file even after the file has been rotated.
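A rotation policy using the "delaycompress" option mentioned above, as an added example that is not part of the original thread. It assumes logrotate is the rotation tool and rsyslog is the receiving daemon; the file name, log path, schedule and retention count are hypothetical.

```conf
# /etc/logrotate.d/remote-syslog   (hypothetical file name)
# Assumption: rsyslog writes the logs received from remote hosts
# under /var/log/remote/ (constructed path).
/var/log/remote/*.log {
    # Rotate once a day and keep 14 old generations (constructed values).
    daily
    rotate 14

    # Do not fail if a host has not logged yet; skip empty files.
    missingok
    notifempty

    # Compress old generations to reclaim disk space ...
    compress
    # ... but leave the newest rotated file (*.log.1) uncompressed for one
    # more cycle, so a file monitor can finish reading it to the end
    # after the rename.
    delaycompress

    # Run the postrotate script once for all matched files, not once per file.
    sharedscripts

    # Files are renamed rather than truncated, so nothing written before the
    # rotation is lost. HUP tells rsyslog to close and reopen its output
    # files; the listeners stay up, so sending hosts are not disconnected.
    postrotate
        /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
    endscript
}
```

Running `logrotate -d` against the file prints what would be rotated without changing anything on disk.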

craigrussell
New Member

Thanks for the tip. I'll try it.
