Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Multi-Line event truncated

damianshaw
Engager
‎01-05-2011 08:53 AM

Hi all,

I am demoing splunk to see if it's appropriate for the company I work for, one of the problems I have hit is one of the logs I would like it to index has 200+ line XML events. After successfully spending sometime working out how to get it to index the timestamp above the XML and not the timestamps in the XML I have now hit a problem with these events.

When the event hit approx 110 lines / 4026 characters it truncates at that point. Is there some workaround? I was looking at limits.conf but I can't find the right stanza / variable.

Tags (2)
0 Karma
Reply

damianshaw
Engager
‎01-06-2011 01:43 PM

Turns out it was our own logs that did this, doh!!

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

    Thursday, June 25, 2026  |  11AM PDT / 2PM EDT  Duration: 1 Hour (Includes live Q&A) Register to ...

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...