Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Logs are getting truncated after the forwarding has been setup into splunk

Sujithkumarkb
Observer
‎08-21-2019 05:32 AM

The data in event 1 is incomplete and the rest of it is getting populated into event2 and so on .
If i am not wrong , i should break the line with the pattern example 2019-08-21T01:41:49.115-0500 INFO , 2019-08-21T01:12:53.584-0500 INFO
.Please correct me if i am wrong

event1

2019-08-21T01:41:49.115-0500 INFO 4227528 com.l7tech.log.custom.splunk.audits.log: -4: UNIQ_ID=20190821014149112000ded8-add8d3a | DOMAIN=prd| HOST=1.5.43 | TRANS_ID=0000b8dc4ded8-add8d34 | ClIENT_IP=174.24.7.5 | HTTP_METHOD=POST|
THUMBPRINT= incomplete

event 2

"transactionId" : "1566367971_176699920"

} | RESPONSE_PAYLOAD={"response":{"responseCode":2000,"responseDescription":"Success","responseStatus":"SUCCESS"}}
2019-08-21T01:12:53.584-0500 INFO 5999 com.l7tech.log.custom.splunk.audits.log: -4: UNIQ_ID=201908210112535800000016b8daeab36-ae0accf |METHOD=GET | API_KEY= | USERNAME=C=US, ST=Georgia, L=Atlanta, O=hum, OU=33bfb1c1b2adc3b2, CN=1-1QSEZ50 | THUMBPRINT=FgjXxqpgtzeLzjMxtoQ5yco= incomplete

Can anyone help me on this ?

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...