https://community.splunk.com/t5/Getting-Data-In/how-to-split-a-log-file-which-contain-multiple-KPI-information/m-p/345256#M63451 <P>[Pra] KPI_DB_001: Transactions per sec</P> <P>Detailed breakdown of processing time % Total<BR /><BR /> ***********************************************<BR /> Total processing 100 14566023932 </P> <P>Section execution<BR /><BR /> TOTAL_SECTION_PROC_TIME 3 575697340 </P> <H1> TOTAL_SECTION_SORT_PROC_TIME 0 3809 </H1> <P>[Pra] KPI_DB_005 Buffer pool hit ratio. </P> <P>Type Ratio Formula </P> <HR /> <P>Data 9 (1-(16829502+6813417-15031035)/(3417808829+576<BR /> Index 99 (1-(4308509+1968-191493)/(6726500833+356522)) </P> <P>================================================================================ </P> <P>[Pra] KPI_DB_007 </P> <PRE><CODE>Per activity Total (micro sec or nano sec ?) </CODE></PRE> <P>LOCK_WAIT_TIME 0 2131581<BR /><BR /> LOCK_WAITS 0 547 </P> <P>================================================================================</P> <P>[Pra] KPI_DB_006 </P> <P>Row processing <BR /> ROWS_READ/ROWS_RETURNED = 3325 (292223944055/87871120)</P> <P>================================================================================</P> <P>i want each kpi as individual event while importing my log file, please help me <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 29 Sep 2020 15:50:21 GMT senthamilselvan 2020-09-29T15:50:21Z https://community.splunk.com/t5/Getting-Data-In/how-to-split-a-log-file-which-contain-multiple-KPI-information/m-p/345256#M63451 <P>[Pra] KPI_DB_001: Transactions per sec</P> <P>Detailed breakdown of processing time % Total<BR /><BR /> ***********************************************<BR /> Total processing 100 14566023932 </P> <P>Section execution<BR /><BR /> TOTAL_SECTION_PROC_TIME 3 575697340 </P> <H1> TOTAL_SECTION_SORT_PROC_TIME 0 3809 </H1> <P>[Pra] KPI_DB_005 Buffer pool hit ratio. </P> <P>Type Ratio Formula </P> <HR /> <P>Data 9 (1-(16829502+6813417-15031035)/(3417808829+576<BR /> Index 99 (1-(4308509+1968-191493)/(6726500833+356522)) </P> <P>================================================================================ </P> <P>[Pra] KPI_DB_007 </P> <PRE><CODE>Per activity Total (micro sec or nano sec ?) </CODE></PRE> <P>LOCK_WAIT_TIME 0 2131581<BR /><BR /> LOCK_WAITS 0 547 </P> <P>================================================================================</P> <P>[Pra] KPI_DB_006 </P> <P>Row processing <BR /> ROWS_READ/ROWS_RETURNED = 3325 (292223944055/87871120)</P> <P>================================================================================</P> <P>i want each kpi as individual event while importing my log file, please help me <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 29 Sep 2020 15:50:21 GMT https://community.splunk.com/t5/Getting-Data-In/how-to-split-a-log-file-which-contain-multiple-KPI-information/m-p/345256#M63451 senthamilselvan 2020-09-29T15:50:21Z https://community.splunk.com/t5/Getting-Data-In/how-to-split-a-log-file-which-contain-multiple-KPI-information/m-p/345257#M63452 <P>HI senthamilselvanj,<BR /> did you tried to insert in your props.conf something like the following configuration?</P> <PRE><CODE>[ your_sourcetype] SHOULD_LINEMERGE=true NO_BINARY_CHECK=true BREAK_ONLY_BEFORE=\[Pra\]\s+KPI </CODE></PRE> <P>Bye.<BR /> Giuseppe</P> Thu, 21 Sep 2017 15:09:56 GMT https://community.splunk.com/t5/Getting-Data-In/how-to-split-a-log-file-which-contain-multiple-KPI-information/m-p/345257#M63452 gcusello 2017-09-21T15:09:56Z https://community.splunk.com/t5/Getting-Data-In/how-to-split-a-log-file-which-contain-multiple-KPI-information/m-p/345258#M63453 <P>Hi Giuseppe,</P> <P>Thank you for the replay, I tried but the syntax is not working as expected. Please find the below detailed info.<BR /> The below is my sample log files. All the information will come as single log file and i want to breaks this as separate events based on the delimiter "=====" . which is coming along with the log file. </P> <H2>Monitoring report - database summary</H2> <P>Database: DQA01CDW<BR /><BR /> Generated: 08/16/2017 11:03:38 </P> <H1> Interval monitored: 900 </H1> <P>Transactions per sec<BR /> ACT_COMPLETED_TOTAL 2760<A href="https://community.splunk.com/TPS%20Value" target="_blank">Pra</A> 2484587[Pra] TPS cumulative value for last 900 sec </P> <H1> Component times </H1> <P>-- Detailed breakdown of processing time -- </P> <PRE><CODE> % Total ---------------- -------------------------- </CODE></PRE> <H1> Total processing 100 14566023932 </H1> <P>Buffer pool hit ratio. This KPI is captured based on type, we can include Data, Index, XDA, COL. Formula is nice to have<BR /> Buffer pool </P> <HR /> <P>Buffer pool hit ratios </P> <P>Type Ratio Formula </P> <HR /> <H1> Data 9<A href="https://community.splunk.com/Value" target="_blank">Pra</A> (1-(16829502+6813417-15031035)/(3417808829+576 </H1> <P>I tried using the below props.config file to split the logs<BR /> [dbmonitoring]<BR /> BREAK_ONLY_BEFORE = [=]+<BR /> DATETIME_CONFIG = CURRENT<BR /> NO_BINARY_CHECK = true<BR /> category = Application<BR /> pulldown_type = true</P> <P>But still events are not separated as expected based on delimiter. </P> <P>Thanks<BR /> selvan</P> Tue, 29 Sep 2020 15:50:29 GMT https://community.splunk.com/t5/Getting-Data-In/how-to-split-a-log-file-which-contain-multiple-KPI-information/m-p/345258#M63453 senthamilselvan 2020-09-29T15:50:29Z