On 6 oct. 2014, at 15:41, Mark Martinec <[email protected]> wrote:
>> Further testing yields to a positive result. Script behaves >> flawlessly, Splunk won't show new events immediately, but will >> eventually index and display them (probably because it's a very low >> traffic MX server). > > If it's a low-traffic server, turn on autoflush in the perl > program (add a line: $| = 1; somewhere near the beginning). > This way it will write each line immediately to stdout, > instead of buffering the output: > > --- logfeeder-redis2stdout.pl~ 2014-05-08 17:47:13.898140766 +0200 > +++ logfeeder-redis2stdout.pl 2014-10-06 15:38:09.852551962 +0200 > @@ -16,2 +16,3 @@ > > +$| = 1; > binmode(STDOUT,':bytes') or die "Can't set STDOUT to bytes mode: $!"; Thank you Mark, I've patched the script on my server, and I'm testing right now. Patrick PRONIEWSKI -- Responsable pôle Opérations - DSI - Université Lumière Lyon 2 Responsable Sécurité des Systèmes d'Information
