Explanation/Reference: https://answers.splunk.com/answers/479312/how-to-edit-inputsconf-to-monitor-multiple-files-w-
1.html

Explanation
Of the following types of files within an index bucket, the rawdata file type may consume the most disk. The rawdata file type contains the compressed and encrypted raw data that Splunk has ingested. The rawdata file type is usually the largest file type in a bucket, because it stores the original data without any filtering or extraction. The bloom filter file type contains a probabilistic data structure that is used to determine if a bucket contains events that match a given search. The bloom filter file type is usually very small, because it only stores a bit array of hashes. The metadata (.data) file type contains information about the bucket properties, such as the earliest and latest event timestamps, the number of events, and the size of the bucket. The metadata file type is also usually very small, because it only stores a few lines of text. The inverted index (.tsidx) file type contains the time-series index that maps the timestamps and event IDs of the raw data. The inverted index file type can vary in size depending on the number and frequency of events, but it is usually smaller than the rawdata file type

Explanation/Reference: https://splunkonbigdata.com/2018/10/01/splunk-diag/

Explanation/Reference: https://answers.splunk.com/answers/141721/error-in-splunkd-log-breaking-event-because-limit-of-
256-has-been-exceeded.html