Hello,  I am streaming a list of data with the most recent timestamp, but the data is getting displayed in a different time.  For example: t=1632967410.582567 devicename=abc Ethernet.dst=### Ethernet.src=### Ethernet.type=65535 t=1632967410.582567 devicename=abc Ethernet.dst=### Ethernet.src=### Ethernet.type=65535 t=1632967410.582567 devicename=abc Ethernet.dst=### Ethernet.src=### Ethernet.type=65535 The Epoch conversion of the above timestamp (t=1632967410.582567 ) is 7:03:30.582 PM but the data on the dashboard is displayed at time 5:19:01.000 PM  Background: * Data is generated from a python script, the data is a list of events, and each event is printed to stdout * I have tried to include additional line breaks between each event, but it still streams it as a single chunk and displays it in a different timestamp * The version of SUF is 8.2.1 (build - ddff1c41e5cf)  * The version of Splunk Enterprise is 8.1.2 Can someone guide me on fixing this to print the streamed data in the correct timestamp?  Thank you. ... View more

Hello! I’m working on streaming telemetry data to Splunk. I use Splunk Universal Forwarder v7 x86_64 to capture and stream data to Splunk Enterprise 8. I use the script:// to capture data and run them at certain specified intervals. The data is being successfully streamed to the server. But, intermittently, splunkd (SUF) crashes, and I see the following error in my splunkd.log. 06-02-2020 17:12:27.975 -0700 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file='/opt/splunkforwarder/var/log/splunk/btool.log'. 06-02-2020 17:12:27.993 -0700 INFO WatchedFile - Will begin reading at offset=1182 for file='/opt/splunkforwarder/var/log/splunk/splunkd-utility.log'. 06-02-2020 17:12:56.832 -0700 INFO ScheduledViewsReaper - Scheduled views reaper run complete. Reaped count=0 scheduled views 06-02-2020 17:30:37.696 -0700 WARN TailReader - Could not send data to output queue (parsingQueue), retrying... 06-02-2020 17:53:37.315 -0700 ERROR ProcessRunner - Error from ProcessRunner helper process: ERROR - Failed opening "": No such file or directory 06-02-2020 17:53:37.316 -0700 ERROR ProcessRunner - Error from ProcessRunner helper process: terminate called after throwing an instance of 'EventLoopException' 06-02-2020 17:53:37.316 -0700 ERROR ProcessRunner - Error from ProcessRunner helper process: what(): Main Thread: about to throw an EventLoopException: error from EventLoop poll: No such file or directory 06-02-2020 17:53:37.676 -0700 FATAL ProcessRunner - Unexpected EOF from process runner child! I have tried to grok through Splunk answers and on Google; but, I couldn’t find much documentation/articles on what file ProcessRunner was trying to open? Could someone help me or point me to the right channel to understand how I can fix this issue. Here’s my inputs.conf ’s script stanzas: [script://$SPLUNK_HOME/bin/scripts/<script-one>.py] source = source-one sourcetype = source-one [script://$SPLUNK_HOME/bin/scripts/<script-two>.path] source = source-two sourcetype = source-two interval = 60 [script://$SPLUNK_HOME/bin/scripts/<script-three>.path] source = source-three sourcetype = source-three interval = 1800 [script://$SPLUNK_HOME/bin/scripts/<script-four>.path] source = source-four sourcetype = source-four interval = 1800 Thank you! ... View more