Hi, I would like to index a whole folder which contain XML files for SSO system.The XML log file format end with .svclog. The XML file contain such info:
<e2etraceevent xmlns="xxxx">However, when i try to remove the first line of the logs, <e2etraceevent xmlns="xxxx">, Splunk suddenly able to index the logs.
Question: 1. Does Splunk has limitation to index the XML file if the XML file contain some header that might restrict the file to be index by Splunk? 2. How to resolve this instead of modifying the raw file?
Thanks