Hi everyone,
We have the following Splunk configuration:
Splunk Cloud instance (managed)
Universal Forwarder
Monitoring log
We need to index event logs with more than 256 lines.
props.conf (located at: SplunkUniversalForwarder\etc\system\local) has the following configuration:
[esb]
disabled = false
TRUNCATE = 0
LINE_BREAKER = ^.{4}-.{2}-.{2}\s.*
SHOULD_LINEMERGE = true
MAX_EVENTS = 100000
At search time, events appear truncated at a maximum of 257 lines, so I suppose that MAX_EVENTS in props.conf isn't working.
How can I solve this issue?
Thanks