Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Need help on rex

vishwa
Path Finder
‎03-26-2024 04:11 PM

Below are the sample logs , i am not getting how to write props line breaker. can anyone help on this.

A0C0A0H8~~AB~ABCg.C~AB~Wed Jan 11 19:11:17 IST 2021~C~0.00~0.00~0.01~Z~1HTYYY
B0C0A0K8~~AB~ABCUHg.C~AB~Mon Jan 10 20:11:17 IST 2021~C~0.00~0.00~0.01~Z~1HTYYY1245
D0C01010~~CD~SDRg.D~HH~Thu Jan 20 11:11:17 IST 2021~C~0.00~0.00~0.01~Z~1140AU
A0C01212~~AB~ABCg.C~AB~Wed Jan 11 19:11:17 IST 2021~C~0.00~0.00~0.01~Z~1HTYYY

 

 

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-26-2024 04:56 PM

If it's a single line per event then the standard line breaker ([\r\n]+) should work fine.

What settings are you using now and how are they failing you?

This Splunk Lantern article may shed some light on the process: https://lantern.splunk.com/Splunk_Platform/Product_Tips/Data_Management/Configuring_new_source_types

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Related Topics
need help on rex
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...