This documentation does not apply to the most recent version of Splunk.

Add binary files

By default, Splunk ignores binary files. However, you can set props.conf to enable consumption of binary files.


Configuration

You can enable binary file consumption based on source, sourcetype or host in $SPLUNK_HOME/etc/bundles/local/props.conf.


Add the following to props.conf:


[<spec>]
NO_BINARY_CHECK = True
$ATTRIBUTE = $VALUE

<spec> can be:

  1. <sourcetype>, the sourcetype of an event
  2. host::<host>, where <host> is the host for an event
  3. source::<source>, where <source> is the source for an event

$ATTRIBUTE = $VALUE can be any number of additional attribute/value pairs you may wish to set for that <spec>.

Example

[host::robot]
NO_BINARY_CHECK = True
SHOULD_LINEMERGE = false

This example turns off binary checking for all files that come from host::robot. SHOULD_LINEMERGE = false means Splunk will break events every time it sees a newline.
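When reviewing a deployment, it helps to know exactly which stanzas have binary checking turned off and how each one is scoped. The following Python audit is an added example, not part of the Splunk documentation; the sample file contents, the function names and the set of values treated as true are assumptions.

```python
import re

# Constructed sample props.conf contents (not from a real deployment).
SAMPLE = """\
# local overrides
[host::robot]
NO_BINARY_CHECK = True
SHOULD_LINEMERGE = false

[source::/var/log/app/core.dump]
NO_BINARY_CHECK = true

[syslog]
NO_BINARY_CHECK = False
"""

# Assumption: these spellings (case-insensitive) enable the setting.
TRUTHY = {"true", "1"}
STANZA = re.compile(r"^\[(.+)\]\s*$")


def classify(spec):
    """Map a stanza header to the <spec> form described on this page."""
    for prefix in ("host::", "source::"):
        if spec.startswith(prefix):
            return prefix[:-2]
    return "sourcetype"


def binary_check_disabled(text):
    """Return [(spec, kind)] for stanzas that set NO_BINARY_CHECK to true."""
    current, settings = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = STANZA.match(line)
        if m:
            current = m.group(1)
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "NO_BINARY_CHECK":
                settings[current] = value.lower() in TRUTHY  # last value wins
    return [(s, classify(s)) for s, on in settings.items() if on]


if __name__ == "__main__":
    for spec, kind in binary_check_disabled(SAMPLE):
        print(f"{kind:10} {spec}")
```

A bare sourcetype or host stanza covers every file that matches it, so those entries deserve a closer look than a single source:: path.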

This documentation applies to the following versions of Splunk: 3.0.2, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4.

