This sounds like a UDP problem, not a splunk problem.
For me, anything up to 65507 bytes is received (and truncated to 10000 bytes). Anything longer just gets lost.
If you have perl, maybe try sending to the following script and seeing what happens:
my $usage = qq{Usage:
perl udp_server.pl port
};
use strict;
use IO::Socket;
my $port=shift or die "port not specified\n\n$usage";
my $response = IO::Socket::INET->new(Proto=>"udp",LocalPort=>$port)
or die "Can't make UDP server: $@";
my $message=0;
while(1){
print "Listening on $port...\n";
my ($datagram,$flags);
$response->recv($datagram,100000,$flags) or warn "recv failed: $!\n";
print "Got message ",++$message," from ", $response->peerhost,", flags ",$flags || "none",": $datagram\n", "length: ",length $datagram,"\n";
}
... View more