- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Can you help me with a line break issue in the fol...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hello
In the file attached, i need to do a line break not after a format date like "06/09/2018 - 14:21:24" as its actually done but just after ------
so i want that _raw is equal to all the text between ----- and -----
which regex should I use please??
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can you try below-
[yourSourceType]
SHOULD_LINEMERGE = false
LINE_BREAKER = (---+)
...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
[source::source-to-break]
SHOULD_LINEMERGE = True
BREAK_ONLY_BEFORE = -----
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I try tomorrow and i keep you aware 😉
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can you try below-
[yourSourceType]
SHOULD_LINEMERGE = false
LINE_BREAKER = (---+)
...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi
it doesnt works
the line breaker is done after:
14:23:01 ./ Installation Status
../ Completed
instead
06/09/2018 - 14:23:01 -- End of installation of ePO (5.0.5.658_64b) EN
14:23:08 ./ Check Product Endpoint Security (10.5.4_64b) EN installation Status
../ Completed
.../ Not installed
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sorry it works ....
i need another change please
i would like to extract the word which is after "Installation of....." and the sentence "Failed Error code:"
could you help me please??
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Anam
@jip31
This is a whole new question that is being asked in the comment and since your original question was answered I have gone ahead and accepted the answer. If @493669 can help you with your new question in this thread that is great but I would recommend refraining from posting new questions in the same thread. Please post a new question to get maximum exposure and help.
Thanks
Anam
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can you try :
SHOULD_LINEMERGE = true
Introducing the Splunk Community Dashboard Challenge!
Wondering How to Build Resiliency in the Cloud?
Updated Data Management and AWS GDI Inventory in Splunk Observability
