Documentation > Splunk > Admin Manual > Add binary files

Admin Manual

 


Getting Started
How Splunk Works
Configuring a Splunk Deployment
Data Inputs
Hosts
Source Types
Timestamp Recognition
Events
Event Types
Meta Events
Fields
Segmentation
Saved Searches and Alerts
Authentication
Granular Access Control
Data Distribution
Distributed Search
Deployment Server
Index Management
Bundles
SplunkBase
Performance Tuning
Routine Maintenance
How-To
Troubleshooting
Reference

Add binary files

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Add binary files

By default, Splunk ignores binary files. However, you can set props.conf to enable consumption of binary files.


Configuration

You can enable binary file consumption based on source, sourcetype or host in $SPLUNK_HOME/etc/bundles/local/props.conf.


Add the following to props.conf: 


[<spec>]
NO_BINARY_CHECK = True
$ATTRIBUTE = $VALUE

<spec> can be:

  1. <sourcetype>, the sourcetype of an event
  2. host::<host>, where <host> is the host for an event
  3. source::<source>, where <source> is the source for an event

$ATTRIBUTE = $VALUE can be any number of additional attribute/value pairs you may wish to set for that <spec>.

Example 

[host::robot]
NO_BINARY_CHECK = True
SHOULD_LINEMERGE = false

This example turns off binary checking for all files the come from host::robot. SHOULD_LINEMERGE = false means Splunk will break events every time it sees a newline.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/3.1.4/Admin/AddBinaryFiles"

This documentation applies to the following versions of Splunk: 3.0.2 , 3.1 , 3.1.1 , 3.1.2 , 3.1.3 , 3.1.4 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.