Thanks Giuseppe. The logs I shared here are the last logs I received for this index. I also checked logs for ABC.csv which is used by the index, and same here - logs only until May 26th: 26/05/202...
See more...
Thanks Giuseppe. The logs I shared here are the last logs I received for this index. I also checked logs for ABC.csv which is used by the index, and same here - logs only until May 26th: 26/05/2024 02:19:39.647 // 05-26-2024 02:19:39.647 -0400 WARN TailReader [12321 tailreader0] - Access error while handling path: failed to open for checksum: '/opt/splunk/etc/apps/.../.../ABC.csv' (No such file or directory) 26/05/2024 02:19:38.208 // 05-26-2024 02:19:38.208 -0400 INFO WatchedFile [12321 tailreader0] - Will begin reading at offset=0 for file='/opt/splunk/etc/apps/.../.../ABC.csv'. 26/05/2024 02:19:38.208 // 05-26-2024 02:19:38.208 -0400 INFO WatchedFile [12321 tailreader0] - Checksum for seekptr didn't match, will re-read entire file='/opt/splunk/etc/apps/.../.../ABC.csv'. 26/05/2024 02:19:37.621 // 05-26-2024 02:19:37.621 -0400 WARN TailReader [12321 tailreader0] - Insufficient permissions to read file='/opt/splunk/etc/apps/.../.../ABC' (hint: No such file or directory , UID: 0, GID: 0). 26/05/2024 02:19:37.512 // 05-26-2024 02:19:37.512 -0400 INFO WatchedFile [12321 tailreader0] - Will begin reading at offset=0 for file='/opt/splunk/etc/apps/.../.../ABC.csv'. 26/05/2024 02:19:37.512 // 05-26-2024 02:19:37.512 -0400 WARN LineBreakingProcessor [12299 parsing] - Truncating line because limit of 10000 bytes has been exceeded with a line length >= 50968856 - data_source="/opt/splunk/etc/apps/.../.../ABC.csv", data_host="host", data_sourcetype="sourcetype" 26/05/2024 02:19:37.512 // 05-26-2024 02:19:37.512 -0400 INFO WatchedFile [12321 tailreader0] - Will begin reading at offset=0 for file='/opt/splunk/etc/apps/.../.../ABC.csv'. 26/05/2024 02:19:37.143 // 05-26-2024 02:19:37.143 -0400 WARN LineBreakingProcessor [12299 parsing] - Truncating line because limit of 10000 bytes has been exceeded with a line length >= 50276856 - data_source="/opt/splunk/etc/apps/.../.../ABC.csv", data_host="host", data_sourcetype="sourcetype" 26/05/2024 02:19:36.947 // 05-26-2024 02:19:36.947 -0400 INFO Dashboard - group=per_source_thruput, series="/opt/splunk/etc/apps/.../.../ABC.csv", kbps=219.057, eps=482.877, kb=6791.592, ev=14971, avg_age=0.000, max_age=0 Would this be of any help?