I'm working on a script to go with some Splunk alerts, and the CSV generated has a line break right in the middle of the "_si" field:
_bkt,_cd,_indextime,_raw,_serial,_si,_sourcetype...
main~2177~FDEAEF09-6590-4DEE-AE2F-1863332506D8,2177:295465158,1397158816,Apr 10 14:40:15 chmgl9mn15 nmunnel: multipathd: mark as failed,0,chmgl9mn10
main,syslog...
So, for some reason, this space between "chmgl9mn10 main" becomes a line-break, which is messing up the data (and script). Splunk doesn't appear to break the spaces in other fields, so maybe it's something weird about that specific "_si" key.
Have any of you seen this before? Is there something I can do that doesn't involve fragile regex kludges in my script?
Thanks very much.
I'm using v.6.1.3 and have the exact same problem.,