https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623468#M216737 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/217339">@indeed_2000</a>,</P><P>check if there's a common (in format) beginning of each raw, so you can identify it there are more raws merged in the same event.</P><P>Ciao.</P><P>Giuseppe</P> Tue, 06 Dec 2022 17:02:52 GMT gcusello 2022-12-06T17:02:52Z https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623400#M216713 <P>Hi</P> <P>I've index a 12MB file in splunk but have different between line of file and event of splunk</P> <P>&nbsp;</P> <P>file = 114,475&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; lines</P> <P>splunk = 104,475&nbsp;&nbsp; events</P> <P>&nbsp;</P> <P>file lines like this:</P> <P>123456789|0123456789|0123456789|Tobe&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |Alex&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>any idea?</P> <P>Thanks</P> Tue, 06 Dec 2022 14:45:49 GMT https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623400#M216713 indeed_2000 2022-12-06T14:45:49Z https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623401#M216714 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/217339">@indeed_2000</a>,</P><P>check if in the file you have some multiline event.</P><P>If not check the correct parsing of you events.</P><P>Ciao.</P><P>Giuseppe</P> Tue, 06 Dec 2022 10:32:10 GMT https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623401#M216714 gcusello 2022-12-06T10:32:10Z https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623409#M216715 <P>Also, check for blank lines.</P><P>Where did the line count for the file come from? Is it counting long lines as two (or more lines)?</P> Tue, 06 Dec 2022 11:27:45 GMT https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623409#M216715 ITWhisperer 2022-12-06T11:27:45Z https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623455#M216730 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225168">@ITWhisperer</a>&nbsp;<BR />1- there are no blank line in file.</P><P>2-vi in linux show line numbers.</P><P>3-each line one event in splunk.</P> Tue, 06 Dec 2022 15:31:07 GMT https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623455#M216730 indeed_2000 2022-12-06T15:31:07Z https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623456#M216731 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;</P><P>1-there is no multiline event.</P><P>2- how check correctly events parsed?</P> Tue, 06 Dec 2022 15:32:24 GMT https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623456#M216731 indeed_2000 2022-12-06T15:32:24Z https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623457#M216732 <P>Hi <a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/217339">@indeed_2000</a>,</P><P>Check (usually is possible with a quick view on events9 if there are more events containing the timestamp that usually is at the beginning of the file.</P><P>Ciao.</P><P>Giuseppe</P> Tue, 06 Dec 2022 15:42:45 GMT https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623457#M216732 gcusello 2022-12-06T15:42:45Z https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623466#M216736 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;as i write in post there is no timestamp in this file.</P> Tue, 06 Dec 2022 16:59:24 GMT https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623466#M216736 indeed_2000 2022-12-06T16:59:24Z https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623468#M216737 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/217339">@indeed_2000</a>,</P><P>check if there's a common (in format) beginning of each raw, so you can identify it there are more raws merged in the same event.</P><P>Ciao.</P><P>Giuseppe</P> Tue, 06 Dec 2022 17:02:52 GMT https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623468#M216737 gcusello 2022-12-06T17:02:52Z https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623469#M216738 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;would you please tell me an example?</P> Tue, 06 Dec 2022 17:06:04 GMT https://community.splunk.com/t5/Splunk-Search/What-is-the-different-between-line-exist-in-file-and-events-of/m-p/623469#M216738 indeed_2000 2022-12-06T17:06:04Z