hi everyone
i have a problem with events with sourcetype=json.
when i send several logs to splunk in json format less than aorund 30s, logs aggregated in one event.
WHY?
but when i use sourcetype=json_no_timestamp, every events correct and seperated.
can i help me , how can i solve my problem?
... View more