hi,
I have a lot of error when splunk try to decrompess .gz files
my inputs.conf :
[monitor://D:\xxxxxx\]
source = file.bluecoat
sourcetype = bluecoat:proxysg:access:file
disabled = false
index=proxy
current_only=0
Error Message
ERROR ArchiveContext - From archive='D:\SFTP\Logs_proxy\FR000_ALOG_EU-PAR-BC101_inet_20190130_125039_UTC.log.gz': Decompression error
DEBUG ArchiveProcessor - Found no initcrc match for this stream, will re-read entire file.
DEBUG ArchiveProcessor - This archive stream's initcrc=0x7154d22c05d963eb.
I don't have a solution and you ?
Thank you in advance
... View more