Hi ..
This is my sample event . splunk is unable to index this file...
Is the problem with the '|' symbol ??
my Sample event ::
01-FEB-2013 09:33:44¦1-4444¦1-4659793125¦1-252BJsE5¦31-JAN-2013 13:41:28¦31-JAN-2013 13:41:43¦Provide¦TransCssonv¦tored¦Committ¦Committed¦Add¦OI2E00571800¦R0152952¦1-4HU4T1¦00206¦777483678¦1-RVK-3¦B2B¦2055817255¦R2100_I2_OR10057_03_701878915_31-1T13-41¦06-FEB-2013 00:00:00¦06-FEB-2013 00:01:00¦06-FEB-2013 00:01:00¦¦31-JAN-2013 13:41:43¦1-252BJE5¦¦¦¦¦05-FEB-2013 09:00:00¦¦¦¦¦¦¦16¦¦¦¦¦¦1-252DM83¦¦¦01-FEB-2013 09:25:44¦N¦¦
Do you have a props config file for your indexer for this data? Try adding "NO_BINARY_CHECK=1" to it to see if that resolves your problem.
yeah I tried adding this.. but no luck ..my file extn is dat
nothing i could see in splunkd.log ..but i could see the error in hostname:8000/services/admin/inputstatus/TailingProcessor%3AFileStatus
as "unreadable file type"
Unable to index the file? What error do you get in splunkd.log that lead you to believe this?