I have a data input for .csv files on splunk, these files are created on a daily basis and named with the day's datestamp as filename, such as _20150521120829589.csv.
I can see that the files are being indexed and its turning up events on search. but when I try to view the contents of the file (say for example using "<all the required search query here> | table Record_Type Action Client_Id Sku-Id" it gives me empty tables, even though it shows the value for statistics as 444,942.
Two things stand out when i check the splunkd.log
1.Breaking event because limit of 256 has been exceeded
2.. Too many events (100K) with the same timestamp: incrementing timestamps 1 second(s) into the future to insure retrievability
I took a look at the csv file and the number of rows is above 111k. Can anyone please advise how I make the data visible (as it seems available)?