Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to resolve timestamp and line processing issues in pdfgen.log ?

damode
Motivator
‎11-26-2017 04:10 PM

I am getting the below two warning messages,
1. 11-27-2017 06:00:22.902 +1100 WARN DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of previous event (Mon Nov 27 06:00:20 2017). Context: source::C:\Program Files\Splunk\var\log\splunk\pdfgen.log|host::INDEXER|splunk_pdfgen|20662

11-27-2017 06:00:16.835 +1100 WARN LineBreakingProcessor - Truncating line because limit of 10000 bytes has been exceeded with a line length >= 17586 - data_source="C:\Program Files\Splunk\var\log\splunk\pdfgen.log", data_host="INDEXER", data_sourcetype="splunk_pdfgen"

  1. Sample timestamp in pdfgen.log looks like this
    2017-11-27 06:01:00,206 +1100 INFO pdfgen_table:1041 - renderTable> headerRow: ['host', 'src_interface', 'port_status', 'count']
    2017-11-27 06:01:09,519 +1100 INFO pdfgen_endpoint:271 - Generated pdf, filename = overview-2017-11-27.pdf

  2. props.conf
    [splunk_pdfgen]
    TIME_FORMAT = %m-%d-%Y %H:%M%S,%l
    SHOULD_LINEMERGE = False
    MAX_TIMESTAMP_LOOKAHEAD = 40

Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...