There is no such method to wait for number of lines before indexing ,Splunk will start indexing the file as soon as they are available.

What is the problem with your files, are the events cut in multiple events :

A - are your events longer than 250 lines per events.
Splunk has a default limit for the multiline events, you can configure your sourcetype in props,conf (at the indexer/heavy forwarder level) with MAX_EVENTS=

B - Is your application using a write buffer and writing slowly in chunk (cutting events in the middle of the line ? )
you can use the setting time_before_close in inputs.conf on the forwarders for this monitor, to force Splunk to wait longer before detecting the EOF.

see http://docs.splunk.com/Documentation/Splunk/5.0.4/admin/Inputsconf
time_before_close =
* Modtime delta required before Splunk can close a file on EOF.
* Tells the system not to close files that have been updated in past seconds.
* Defaults to 3.

Señor Rodríguez:

I have deleted our struggles from last night and I am sending you an email. I will connect you with my colleague who covers Latin America.

I believe do understand what you need now, and I have a suggestion - but still am unclear about some of your environment and feel it is the translator that is not helping us.

When you have the solution, please post it here as the answer and I will up-vote so that others may benefit.