Solved: Re: LINE_BREAKER keep the line breaking regex stri...

season88481 · ‎04-13-2020

Hi team,

I have logs like this:

This is Tom This is Amy This is David This is Ben

I want the line breaking to be like this:

This is Tom
This is Amy
This is David
This is Ben

Here is my LINE_BREAKER config

LINE_BREAKER = (this)

And my result is like:

 is Tom
 is Amy
 is David
 is Ben

So how could I keep the line breaking regex? In my case, the "this"?

Many thanks.
S

season88481 · ‎04-13-2020

I think I can answer my own question. Seems Line breaker needs 1 capturing group. Anything matched in the group will not be indexed.
So I updated the LINE_BREAKER to be:
LINE_BREAKER = (\s)this\s

View solution in original post

season88481 · ‎04-13-2020

I think I can answer my own question. Seems Line breaker needs 1 capturing group. Anything matched in the group will not be indexed.
So I updated the LINE_BREAKER to be:
LINE_BREAKER = (\s)this\s

to4kawa · ‎04-13-2020

LINE_BREAKER is REGEX
this is not same This

LINE_BREAKER = (?i)(\s)This

Line breaker needs 1 capturing group.
Yes, you are.

LINE_BREAKER keep the line breaking regex string

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Join the Conversation