Hi,
I'm getting the following error in my splunkd.log, and I can't determine where the issue is. Hoping someone can help me...
The error is:
04-22-2013 14:45:41.122 -0400 ERROR DatetimeInitUtils - Invalid regex ^[ -- Regex: missing terminating ] for character class - data_source="F:\IBM\Lotus\Domino\Trace\UserInfoSA_130419_2323_0.txt", data_host="blahblahblah", data_sourcetype="STCommunityTraceLogs_user"
My inputs.conf is:
[monitor://F:\IBM\Lotus\Domino\Trace\User*.txt]
sourcetype = STCommunityTraceLogs_user
index = euc_sametimedata
disabled = false
followTail = 0
crcSalt =
and my props.conf is:
[STCommunityTraceLogs_user]
TIME_FORMAT = %H:%M:%S.%3N | %d.%m.%Y
MAX_TIMESTAMP_LOOKAHEAD = 55
NO_BINARY_CHECK = 1
SHOULD_LINEMERGE = false
TIME_PREFIX = ^[
Here's some sample lines...
[ 14:38:32.235 | 24.01.2013 | INFO | main ] : UserInfoLogger : info : Initializing UserInfo SA
[ 14:38:32.329 | 24.01.2013 | INFO | main ] : UserInfoLogger : info : openning storage 0 for storage type LDAP
[ 14:38:32.329 | 24.01.2013 | INFO | main ] : UserInfoLogger : info : openning provider host=fidvirtualdir-qa.fmr.com port=2491(&(objectclass=FidelityPerson)(|(mail=%s)(cn=%s)(uid=%s))) storage num=0
[ 14:38:32.329 | 24.01.2013 | INFO | main ] : UserInfoLogger : info : opening detail id=MailAddress type=text/plain fieldName=Mail storage num=0
[ 14:38:32.329 | 24.01.2013 | INFO | main ] : UserInfoLogger : info : opening detail id=Name type=text/plain fieldName=cn storage num=0
[ 14:38:32.329 | 24.01.2013 | INFO | main ] : UserInfoLogger : info : opening detail id=Title type=text/plain fieldName=title st
