Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- LINE BREAKER REGEX
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, i need to identify i new line in my log file when line starts with MSG or ERR in order to get the message of error in a single line.
Sample log file data:
MSG;1193342275;1784053093;gestoreprocessi;GestioneProcessi.elaboraProcesso;29/06/2017 05:36:14,286; - START
MSG;1193342275;1889771202;gestoreprocessi;GestioneProcessi.elaboraProcesso;29/06/2017 05:36:14,305; - START
ERR;1193342275;573025154;gestoreprocessi;Log.fatal;29/06/2017 05:36:14,312;org.springframework.dao.DataAccessResourceFailureException: SqlMapClient operation; SQL [];
--- The error occurred in com/cervedgroup/cicloattivo/gestoreprocessi/db/dao/ibatis/maps/ReportWorkflowProcessi.xml.
--- The error occurred while applying a result map.
--- Check the GetIdWorkflowFromIdReport-AutoResultMap.
--- Check the result mapping for the 'ID_WORKFLOW' property.
--- Cause: java.sql.SQLRecoverableException: Closed Resultset: next; nested exception is com.ibatis.common.jdbc.exception.NestedSQLException:
--- The error occurred in com/cervedgroup/cicloattivo/gestoreprocessi/db/dao/ibatis/maps/ReportWorkflowProcessi.xml.
--- The error occurred while applying a result map.
--- Check the GetIdWorkflowFromIdReport-AutoResultMap.
--- Check the result mapping for the 'ID_WORKFLOW' property.
--- Cause: java.sql.SQLRecoverableException: Closed Resultset: next
MSG;1193342275;1889771202;gestoreprocessi;GestioneProcessi.elaboraProcesso;29/06/2017 05:36:14,315; - elabToElab:com.cervedgroup.cicloattivo.gestoreprocessi.db.ReportElab@6da21389
MSG;1193342275;1889771202;gestoreprocessi;GestioneProcessi.elaboraProcesso;29/06/2017 05:36:14,315; - elabToElab stato:SND
Any suggestions?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have found the solution:
BREAK_ONLY_BEFORE = MSG | ERR
it works !
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Observability Simplified: Combining User Experience, Application Performance & ...
Event Series May & June: From Network Visibility to Service Intelligence
Global Splunk User Group Events: May + June 2026
