Hello,
I'm trying to skip one line while indexing a whole file.
This is the line I'm trying to skip.
Trace Opening D:/nlog-all-2020-09-04.log with allowFileSharedWriting=False
It changes the time stamp, as you can see in the title of the file.
How can I achieve it the easiest way, please?
props.conf
SEDCMD-trim=s/Trace Opening.*//
SHOULD_LINEMERGE=false
Still doesn't work. Maybe because that line starts with date + time? Is that possible?
All lines in that file start with date + time, but only the trace opening one is unwanted.
Now, I can't verify the REGEX. Please fix it.
I just recommend that you try SEDCMD to delete the extra line.
Hi @Glace, could you please advise whether this line is one event or it's part of an event when you are trying to ingest the log file in Splunk?
Hi @Nisha18789. This is one event.