Help troubleshooting breaking behavior for event stream because MAX_EVENTS for sourcetype=package?
All,
I am reviewing my data ingestion health and I see the following error.
Breaking event because limit of 256 has been exceeded
Changing breaking behavior for event stream because MAX_EVENTS (256) was exceeded without a single event break. Will set BREAK_ONLY_BEFORE_DATE to False, and unset any MUST_NOT_BREAK_BEFORE or MUST_NOT_BREAK_AFTER rules. Typically this will amount to treating this data as single-line only.
sourcetype=package
Seems to be impacting about 20 of my hosts.
My props.conf on my indexer has the following customizations for this sourcetype; otherwise it's the default Splunk_TA_nix 8.2x configs that came with it.
[package]
TRUNCATE = 0
MAX_EVENTS = 512
The resulting props.conf via btool on my indexer is
[package]
ADD_EXTRA_TIME_FIELDS = True
ANNOTATE_PUNCT = True
AUTO_KV_JSON = true
BREAK_ONLY_BEFORE =
BREAK_ONLY_BEFORE_DATE = True
CHARSET = UTF-8
DATETIME_CONFIG = CURRENT
DEPTH_LIMIT = 1000
HEADER_MODE =
KV_MODE = multi
LEARN_MODEL = true
LEARN_SOURCETYPE = true
LINE_BREAKER = ^((?!))$
LINE_BREAKER_LOOKBEHIND = 100
MATCH_LIMIT = 100000
MAX_DAYS_AGO = 2000
MAX_DAYS_HENCE = 2
MAX_DIFF_SECS_AGO = 3600
MAX_DIFF_SECS_HENCE = 604800
MAX_EVENTS = 512
MAX_TIMESTAMP_LOOKAHEAD = 128
MUST_BREAK_AFTER =
MUST_NOT_BREAK_AFTER =
MUST_NOT_BREAK_BEFORE =
SEGMENTATION = indexing
SEGMENTATION-all = full
SEGMENTATION-inner = inner
SEGMENTATION-outer = outer
SEGMENTATION-raw = none
SEGMENTATION-standard = standard
SHOULD_LINEMERGE = false
TRANSFORMS =
TRUNCATE = 0
detect_trailing_nulls = false
maxDist = 100
priority =
sourcetype =
Any idea why I am getting errors concerning MAX_EVENTS and how I can resolve that?
