Splunk is indexing events in the wrong format.
On the Splunk forwarder, I am seeing these errors:
WARN UTF8Processor - Using charset UTF-8, as the monitor is believed over the raw text which may be UTF-16LE - data_source="C:\Program Files\SplunkUniversalForwarder\var\log\XXX.log", data_host="xxx", data_sourcetype="config"
A few events are indexed in the below format:
\xFF\xFEC\x00:\x00\\x00P\x00r\x00o
The input file data is in the proper format; it is the output of a Splunk btool command copied to a file and ingested into Splunk.
May I know how we can handle this?
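A diagnostic sketch for the symptom above, added here as an example and not part of the original post: it sniffs a file's encoding from its leading bytes and transcodes it to UTF-8. The function names are hypothetical, and `SAMPLE` is constructed from the escaped bytes shown in the indexed event, with the final `\x00` added to complete the last character.

```python
import codecs

# 4-byte UTF-32 marks are tested before the UTF-16 marks they begin with.
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),   # \xFF\xFE, as seen in the event
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]

# Constructed sample: the bytes behind "\xFF\xFEC\x00:\x00\\x00P\x00r\x00o".
SAMPLE = b"\xff\xfeC\x00:\x00\\\x00P\x00r\x00o\x00"


def sniff_encoding(raw: bytes, sample: int = 4096) -> str:
    """Guess the encoding of a monitored file from its first bytes."""
    for bom, name in BOMS:
        if raw.startswith(bom):
            return name
    head = raw[:sample]
    if len(head) >= 4:
        # No BOM: mostly-ASCII UTF-16 text has a NUL in every other byte.
        even_nul = head[0::2].count(0) / len(head[0::2])
        odd_nul = head[1::2].count(0) / len(head[1::2])
        if odd_nul > 0.6 and even_nul < 0.1:
            return "utf-16-le"
        if even_nul > 0.6 and odd_nul < 0.1:
            return "utf-16-be"
    try:
        # Incremental decoder tolerates a multi-byte character cut off
        # at the end of the sampled window.
        codecs.getincrementaldecoder("utf-8")("strict").decode(head)
        return "utf-8"
    except UnicodeDecodeError:
        return "unknown"


def to_utf8(raw: bytes) -> bytes:
    """Re-encode the file content as BOM-less UTF-8."""
    enc = sniff_encoding(raw)
    if enc == "unknown":
        raise ValueError("cannot determine source encoding")
    return raw.decode(enc).lstrip("\ufeff").encode("utf-8")


if __name__ == "__main__":
    print(sniff_encoding(SAMPLE), to_utf8(SAMPLE))
```

If the file has to stay UTF-16LE, the alternative to transcoding is Splunk's `CHARSET` setting in props.conf for the sourcetype.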