I am trying to solve a problem where a particular JSON data feed/source has intermittent line break failures. In a 24 hour period, there are about 100K events parsed correctly (i.e., the line breaks are applied to the correct location) and about 40K events are parsed incorrectly (i.e., the 40K source/application events appear as 170 clumped events in Splunk). Hopefully that makes sense. My question: What are possible causes for this behavior?
↧