I have a indexes which is capturing logs in real time. However i have observed a strange thing happening when events are indexed in splunk. Splunk is adding a '=' between the event text. Below is an small snippet from logs
This is not Splunk; I am sure it is happening in your raw files before Splunk touches them. This is a sign of Quoted-printable encoding; QP works by using the equals sign "=" immediately followed by carriage return as an escape character to indicated a forced line-break, usually to limit the line length to 76, as some software/protocols (e.g. SMTP) have limits on line length.