Hello,
By default:
Splunk Enterprise decompresses archive files before it indexes them. It can handle these common archive file types: tar, gz, bz2, tar.gz, tgz, tbz, tbz2, zip, and z.
(http://docs.splunk.com/Documentation/Splunk/6.1.6/Data/Monitorfilesanddirectories)
Is it possible to configure Splunk to not do this? Or is there another way to handle our scenario?
We have a Windows directory input path from which we are indexing \*.log files. The problem is, there are .zip files in that folder that also contain \*.log files, but we want to ignore those.
Thanks in advance.