Skip indexing one line

Glace · ‎09-04-2020

Hello,

im trying to skip one line while indexing whole file.

This is the line im trying to skip.

Trace Opening D:/nlog-all-2020-09-04.log with allowFileSharedWriting=False

It changes time stamp as u can see in title of the file.

How can i achieve it easiest way please?

to4kawa · ‎09-04-2020

props.conf

SEDCMD-trim=s/Trace Opening.*//

SHOULD_LINEMERGE=false

Glace · ‎09-04-2020

Still dont work. Maybe because that line starts with date + time? Is that possible?

All lines in that file starts with date + time but only the trace opening one is unwanted.

isoutamo · ‎09-07-2020

Hi
It's easier to help you, if you post real sample which whole line instead of tell partially what it contains.
r. Ismo

to4kawa · ‎09-04-2020

now, I can't verify REGEX.please fix it.

I just recommend that try SEDCMD to delete extra line.

Nisha18789 · ‎09-04-2020

Hi @Glace , could you please advise whether this line is one event or its part of an event when you are trying to ingest the log file in Splunk?

Glace · ‎09-07-2020

Hi @Nisha18789. This is one event.

Skip indexing one line

field extraction

other

regex

stats

timechart

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk

Modern way of developing distributed application using OTel