I am trying to index a somewhat long log file (about 38805 bytes according to the tailing processor).
This log file contains 417 lines, but Splunk only indexed 47 lines.
I thought it might be the TRUNCATE default of 10000 bytes, but looking at the logs, I noticed that it successfully indexed all the log files below 18181 bytes in size (except for one log file that is 4124 bytes, but I'm not sure if that's important).
My log's inputs.conf is configured as such:
[monitor://\\path\to\our\internal\network]
whitelist = WhiteListPattern
initCrcLength = 2048
sourcetype = generic_single_line
disabled = false
Anyone have any idea what's going on here?