I have some ftp log files that I am indexing and when I search, there will be events that have 275 lines in them instead of one line which is what I want. The lines look like this:
19:00 | 00:00:28.387 | 75 -Sent-> 1004 SSH_FXP_READDIR /Outbound/SON/.
19:00 | 00:00:28.434 | 75 <-Recv- 1004 SSH_FXP_STATUS EOF(1)
19:00 | 00:00:28.434 | 75 -Sent-> 1005 SSH_FXP_CLOSE
19:00 | 00:00:28.496 | 75 <-Recv- 1005 SSH_FXP_STATUS OK
They have a carriage return and line feed at the end of each line. I have tried the following settings in props.conf with no luck:
SHOULD_LINEMERGE = false
LINE_BREAKER=[\r\n]+ (both escaped)
TIME_PREFIX = |\s (both escaped)
TIME_FORMAT = %H:%M:%S.%3N
Any ideas?
