How to split single line event into multiple events based on pattern?

flucman — Mon, 28 Sep 2020 17:01:37 GMT

Is it possible to split a single line event into multiple based on a pattern? Ex. I have:

SNMPv2-SMI::enterprises."4551.5.1.1.1.1.4.8.4.1.6.1.1" = "4.168961" SNMPv2-SMI::enterprises."4551.5.1.1.1.1.4.8.4.1.9.1.1" = "1"

on one line and want to split it into two SNMP events. I have been testing with LINE_BREAKER and BREAK_ONLY_BEFORE in props.conf but not having any luck. Have tried the below (one at a time):

BREAK_ONLY_BEFORE = SNMPv2

LINE_BREAKER = ([\r\n]+)|SNMPv2

Thanks!

Re: How to split single line event into multiple events based on pattern?

chanfoli — Mon, 28 Sep 2020 17:01:42 GMT

Something along the lines of this will cause it the see the string as your line breaker and appears to break the events up, with the side effect of disposing of the line breaker text:

LINE_BREAKER=(SNMPv2-SMI)
NO_BINARY_CHECK=1
SHOULD_LINEMERGE=false

topic How to split single line event into multiple events based on pattern? in Getting Data In

How to split single line event into multiple events based on pattern?

Re: How to split single line event into multiple events based on pattern?