Invalid key in stanza - kv_mode (value: xml)

Getting Data In

There are no data being index from our setup below. Does "Invalid key in stanza ..... line 36: kv_mode (value: xml)" is the reason? If yes, what's wrong with KV_MODE = xml?

From Splunk Logs:
04-14-2021 19:34:49.555 +0200 WARN Application - Invalid key in stanza [XXXX] in /opt/splunk/etc/deployment-apps/XXXXXX/local/props.conf, line 36: kv_mode (value: xml).\n

props.conf

27: [XXXX]
28: BREAK_ONLY_BEFORE = goblygook
29: MAX_EVENTS = 200000
30: DATETIME_CONFIG = NONE
31: CHECK_METHOD = modtime
32: pulldown_type = true
33: LEARN_MODEL = false
34: SHOULD_LINEMERGE = true
35: TRUNCATE = 0
36: KV_MODE = xml
37: TRANSFORMS-set = setnull, accept_xml_files

transforms.conf

####################
[setnull]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

[accept_xml_files]
REGEX = <?xml version
DEST_KEY = queue
FORMAT = indexQueue

####################

inputs.conf

[monitor:///path/*.xml]
index = idx_sample
sourcetype = XXXX
crcSalt = <SOURCE>
initCrcLength = 512

Thank you.

Get Updates on the Splunk Community!

Invalid key in stanza - kv_mode (value: xml)

props.conf

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Join the Conversation

Invalid key in stanza - kv_mode (value: xml)

props.conf

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...