@niketnilay
Thanks for your response. I guess I didn't make it clear... Before I output the data to be ingested in splunk I transform it to a string. This is required as I concatenate it to. Key value (ie. "Kv1=" + var)

It's odd, following my example before I can actually output the value of s4 (which is 15 digits itself) and splunk will ingest it.
It's something about adding there fourth value to the others leaves the result in a form that splunk won't ingest ...
If you reply can you do so in an answer below instead of a comment?

Just to add to this, I tried a scripted input that simply returns a large number (echo bytes="some_big_number") and was able to push very large numbers into splunk without issue - this might suggest it's a script issue, rather than a Splunk issue?

Yeah Im finding less and less rhyme and reason to this surrounding the size of the number. Some of them will ingest with 12 digits, some with 15+ and some won't with 12 and some won't with 15. I have tried to see if there was special characters around the values Im trying to ingest but using python's repr function didn't show any. Im curious about switching the values to hex and then back... need to investigate. I think its something about the nature of the SNMP 64 bit values Im bringing in using the HC snmp metrics (ie. ifHCInOctets, ifHCOutOctets) But Im not sure of that either.

A sample of my code exists in a comment below.

@mtulett, tanks for that evidence. I think we all agree that issue is while ingesting from Python, since @EricLloyd79's attempt to fix data being treated as Long integer failed, I was proposing Python script to convert number to Hexadecimal, that way the same can be ingested and used within Splunk. If required it can be formatted back to number using formatting command before displaying to users.

@niketnilay
Thanks for the suggestion, it will indeed process the value as hex and display it but as per my use case is to use the PHP API to retrieve these values via a report. I dont think its acceptable for me to leave them in there are hex numbers and then transform them in the PHP API report we're creating I need them to be ingested as strings (without quotes). 😞 I even tried converting it back from hex to integer to string before ingesting and it refuses that value.

@niketnilay this is an intriguing prospect. Switching to hex and then back maybe will possibly strip the variable in a form that splunk will accept? They have to be ingested as numbers, though, not hex.

I reworked it using a python script as the input, however it's still working correctly. I'm simply printing the output like so:

bytes = 65816843135136843513543434236856165465415641651651
print ("bytes=" +str(bytes))

Which gave me input with no issues:

Ah it seems Python is adding a trailing L that appears on large integers and for some reason Splunk won't ingest it! Now to find a way to get rid of that L!

That wasn't the answer. That was from me converting one of the values to a long but even without the L there it won't ingest into Splunk...

@EricLloyd79, the reason why I kept it as a comment and not an answer was to keep it unanswered so that it remains flagged for others as well to resolve.

I am just speculating things and your trials seem to fail as well. Can you try a different approach of converting the input value to Hexadecimal in your Python code and then insert to Splunk? Later in Splunk perform operations on Hexadecimal and then convert to number afterwards to be displayed as end results. You can use printf() or tostring() function to perform this.

While I agree that this shouldn't be an issue, can you add the numbers up inside splunk, rather than inside your script?

I would expect any data to be ingested correctly if you have output in key="value" format (which is what you're returning, right?).

Yes I am returning format key=value. I can get it to return kv1="1238472743383741" but I need to have it without the quotes. (It returns that way if I return it as print(repr("kv1=" + val))

I considered adding the numbers in Splunk but some of the base SNMP values are actually not ingesting by themselves either.

@EricLloyd79, I would not expect Splunk to complain about data being inserted as it would consider it as string.

Even if it was a number Splunk should have picked up length of 15.

|  makeresults
|  eval data="133395228938698"
|  eval dataLength=len(data)
|  eval dataNum=tonumber(data)
|  eval dataNumLength=len(dataNum)

If the above number was 18 digits or more then you would start seeing rounding off of numeric data for example: try | eval data="133395228938630445"

Not sure if this is the right place but can you check in Python Script if somewhere data being ingested can be converted from number to string?