Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

LINE BREAKER REGEX

patriziadepaola
Explorer
‎07-13-2017 01:08 AM

Hello, i need to identify i new line in my log file when line starts with MSG or ERR in order to get the message of error in a single line.

Sample log file data:

MSG;1193342275;1784053093;gestoreprocessi;GestioneProcessi.elaboraProcesso;29/06/2017 05:36:14,286; - START
MSG;1193342275;1889771202;gestoreprocessi;GestioneProcessi.elaboraProcesso;29/06/2017 05:36:14,305; - START
ERR;1193342275;573025154;gestoreprocessi;Log.fatal;29/06/2017 05:36:14,312;org.springframework.dao.DataAccessResourceFailureException: SqlMapClient operation; SQL [];

--- The error occurred in com/cervedgroup/cicloattivo/gestoreprocessi/db/dao/ibatis/maps/ReportWorkflowProcessi.xml.

--- The error occurred while applying a result map.

--- Check the GetIdWorkflowFromIdReport-AutoResultMap.

--- Check the result mapping for the 'ID_WORKFLOW' property.

--- Cause: java.sql.SQLRecoverableException: Closed Resultset: next; nested exception is com.ibatis.common.jdbc.exception.NestedSQLException:

--- The error occurred in com/cervedgroup/cicloattivo/gestoreprocessi/db/dao/ibatis/maps/ReportWorkflowProcessi.xml.

--- The error occurred while applying a result map.

--- Check the GetIdWorkflowFromIdReport-AutoResultMap.

--- Check the result mapping for the 'ID_WORKFLOW' property.

--- Cause: java.sql.SQLRecoverableException: Closed Resultset: next
MSG;1193342275;1889771202;gestoreprocessi;GestioneProcessi.elaboraProcesso;29/06/2017 05:36:14,315; - elabToElab:com.cervedgroup.cicloattivo.gestoreprocessi.db.ReportElab@6da21389
MSG;1193342275;1889771202;gestoreprocessi;GestioneProcessi.elaboraProcesso;29/06/2017 05:36:14,315; - elabToElab stato:SND

Any suggestions?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

patriziadepaola
Explorer
‎07-13-2017 03:23 AM

I have found the solution:

BREAK_ONLY_BEFORE = MSG | ERR

it works !

View solution in original post

Reply
Solved! Jump to solution
Solution

patriziadepaola
Explorer
‎07-13-2017 03:23 AM

I have found the solution:

BREAK_ONLY_BEFORE = MSG | ERR

it works !

Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...