dacoburn
commented
6 years ago Thanks for the update @michaelwilde I'll get this resubmitted later today.
Closed michaelwilde closed 6 years ago
dacoburn
commented
6 years ago Thanks for the update @michaelwilde I'll get this resubmitted later today.
With the prior config, splunk often guessed the incorrect timestamp. This way, splunk should run more efficiently (With no guessing), and Sigsci data will be ingested as expected.
Also.. SHOULD_LINEMERGE =0 (is incorrect.. it is TRUE|FALSE.. and really should never be true if one provides a LINE_BREAKER setting, which one should always do. When we let machines guess, they take over our world become repairmen :)
Note.. you'll need to resubmit this for app cert (I think)