04-06-2017 12:17:13.106 +0000 WARN AggregatorMiningProcessor - Changing breaking behavior for event stream because MAX_EVENTS (256) was exceeded without a single event break. Will set BREAK_ONLY_BEFORE_DATE to False, and unset any MUST_NOT_BREAK_BEFORE or MUST_NOT_BREAK_AFTER rules. Typically this will amount to treating this data as single-line only. - data_source="http-stream", data_host="104.45.139.239", data_sourcetype="log:websitewadlog"
component = AggregatorMiningProcessor index = _internal log_level = WARN source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd splunk_server = SplunkIndexer1
4/6/17
12:17:13.106 PM
04-06-2017 12:17:13.106 +0000 WARN AggregatorMiningProcessor - Breaking event because limit of 256 has been exceeded - data_source="http-stream", data_host="104.45.139.239", data_sourcetype="log:websitewadlog"
I have already updated the source type with truncate = 0 and max_events =1000 still i am facing the issue can any one help.
What else i could do to resolve this issue.
Thank,
Nishant kumar
... View more
