Invalid key in stanza - kv_mode (value: xml)

mariannedave

There are no data being index from our setup below. Does "Invalid key in stanza ..... line 36: kv_mode (value: xml)" is the reason? If yes, what's wrong with KV_MODE = xml?

From Splunk Logs:
04-14-2021 19:34:49.555 +0200 WARN Application - Invalid key in stanza [XXXX] in /opt/splunk/etc/deployment-apps/XXXXXX/local/props.conf, line 36: kv_mode (value: xml).\n

props.conf

27: [XXXX]
28: BREAK_ONLY_BEFORE = goblygook
29: MAX_EVENTS = 200000
30: DATETIME_CONFIG = NONE
31: CHECK_METHOD = modtime
32: pulldown_type = true
33: LEARN_MODEL = false
34: SHOULD_LINEMERGE = true
35: TRUNCATE = 0
36: KV_MODE = xml
37: TRANSFORMS-set = setnull, accept_xml_files

transforms.conf

####################
[setnull]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

[accept_xml_files]
REGEX = <?xml version
DEST_KEY = queue
FORMAT = indexQueue

####################

inputs.conf

[monitor:///path/*.xml]
index = idx_sample
sourcetype = XXXX
crcSalt = <SOURCE>
initCrcLength = 512

Thank you.

Invalid key in stanza - kv_mode (value: xml)

props.conf

Don't miss your chance to share your Splunk wisdom in-person or virtually at .conf21!Call for Speakers hasbeen extended throughThursday, 5/20! Submit Now! >

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >