Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you help me with a line break issue in the following regex search?

jip31
Motivator
‎09-22-2018 01:48 AM

hello

In the file attached, i need to do a line break not after a format date like "06/09/2018 - 14:21:24" as its actually done but just after ------
so i want that _raw is equal to all the text between ----- and -----

which regex should I use please??

Preview file
47 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

493669
Super Champion
‎09-22-2018 07:37 AM

can you try below-

 [yourSourceType]
 SHOULD_LINEMERGE = false
 LINE_BREAKER = (---+)
...

View solution in original post

0 Karma
Reply
Solved! Jump to solution

pruthvikrishnap
Contributor
‎09-24-2018 01:55 PM

http://docs.splunk.com/Documentation/Splunk/7.1.3/Data/Configureeventlinebreaking#Specify_event_brea...

[source::source-to-break]
SHOULD_LINEMERGE = True
BREAK_ONLY_BEFORE =  -----
0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎09-23-2018 07:52 AM

I try tomorrow and i keep you aware 😉

0 Karma
Reply
Solved! Jump to solution
Solution

493669
Super Champion
‎09-22-2018 07:37 AM

can you try below-

 [yourSourceType]
 SHOULD_LINEMERGE = false
 LINE_BREAKER = (---+)
...
0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎09-24-2018 01:00 AM

hi
it doesnt works
the line breaker is done after:
14:23:01 ./ Installation Status
../ Completed

instead
06/09/2018 - 14:23:01 -- End of installation of ePO (5.0.5.658_64b) EN
14:23:08 ./ Check Product Endpoint Security (10.5.4_64b) EN installation Status
../ Completed
.../ Not installed

0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎09-24-2018 01:24 AM

sorry it works ....
i need another change please
i would like to extract the word which is after "Installation of....." and the sentence "Failed Error code:"
could you help me please??

0 Karma
Reply
Solved! Jump to solution

Anam
Community Manager
Community Manager
‎09-24-2018 11:58 AM

@jip31

This is a whole new question that is being asked in the comment and since your original question was answered I have gone ahead and accepted the answer. If @493669 can help you with your new question in this thread that is great but I would recommend refraining from posting new questions in the same thread. Please post a new question to get maximum exposure and help.

Thanks
Anam

0 Karma
Reply
Solved! Jump to solution

493669
Super Champion
‎09-24-2018 01:24 AM

can you try :

SHOULD_LINEMERGE = true
0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...