Hi,
I have the below log data:
16:37:56.875 [[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG splunk - {'externalRefId':'exr654321','message':'input: {"wifiNetwork":{"ssidName":"YOCTO_2.1S9","securityPassphrase":"xxxxxxx"}}'}
16:37:56.883 [[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG splunk - {'externalRefId':'exr654321','message':'Calling https://csp-stg.codebig2.net/selfhelp/account/exr654321/services/home/wifiNetwork'}
16:37:57.296 [[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG splunk - {'externalRefId':'exr654321','message':'RMA service return 202','serverResponseTimeMs':'413'}
and whenever it is imported into Splunk using the Universal Forwarder, it treats it as one event (see image)
How can I get Splunk to separate each line?
1 Solution
