Hi
I have used python script to call some api's and sending the response to splunk.
If the response is small, splunk taking the data and indexing it, but if the data is large, splunk is truncating the data at some point and displaying only the truncated data:
source_type= _Json
props.conf:
[sourcetype]
TRUNCATE = 1000000
KV_MODE = json
CHARSET = UTF-8
LINE_BREAKER = +[^}]+}(,[\r\n]+)
SHOULD_LINEMERGE = false
input.conf:
[default]
host = F1WQGT1
time_before_close = 5
multiline_event_extra_waittime = true
Please suggest me some better ideas.
... View more