Re: Line breaker

vijreddy30 · ‎10-16-2023

Hi Team,

my requirement is write request is one event and Change Item into another event, please help me how to break the events

12:49:28 PM WriteRequest Remotexxxxxxxxxx+=0
12:49:28 PM WriteRequest Remotexxxxxxxxxxxxxx-=0
12:49:28 PM WriteRequest xxxxxxxx=ABEMA150

12:50:22 PM ChangeItem StatusDevices.xxxxxxxx=1
12:50:22 PM ChangeItem CurrentTest.DateEnd=25.06.2023 12:50:22
12:50:22 PM ChangeItem CurrentTesxxxxxxx=2

somesoni2 · ‎10-16-2023

How do they appear in Splunk right now?

vijreddy30 · ‎10-16-2023

12:49:28 PM WriteRequest Remotexxxxxxxxxx+=0
12:49:28 PM WriteRequest Remotexxxxxxxxxxxxxx-=0
12:49:28 PM WriteRequest xxxxxxxx=ABEMA150

Into One event

12:50:22 PM ChangeItem StatusDevices.xxxxxxxx=1
12:50:22 PM ChangeItem CurrentTest.DateEnd=25.06.2023 12:50:22
12:50:22 PM ChangeItem CurrentTesxxxxxxx=2

into another event

Line_BREAKER= ?

Please help me

inventsekar · ‎10-16-2023

Hi @vijreddy30 ...
Simplest one... you can do line-breaking with each line (as you are having timestamps nicely)

if you have any other "special requirements" with this logs, then, if you could update us more details, we could help you on the new line breaking ideas. thanks.

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

Line breaker

heavy forwarder

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?