Data randomly stopped indexing full xml file

Getting Data In

As of midnight, 1/15/2020, we have about 3.5 Indexes which are no longer indexing the entirety of the XML files being monitored on the UF. I have looked through the splunkd.log files and searched throughout the _internal indexes to see if anything obvious is sticking out, but that's not the case. The XML files are being parsed up through the header and sometimes to the first line, but the remainder does not show up in the system. Everything was working fine up until now. Any help would be appreciated!

Get Updates on the Splunk Community!

Data randomly stopped indexing full xml file

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

Data randomly stopped indexing full xml file

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future