Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

carriage return in transaction results

rmurthy
Engager
‎11-22-2012 07:55 AM

I am using transaction and sending the result to an external workflow. The combined results from transaction appear one of the other which looks cluttered. Is there a way to make the individual events from transaction to appear as separate lines? I hope I am making sense.

Thanks.

0 Karma
Reply

BobM
Builder
‎11-22-2012 04:46 PM

There is a way you can do this with an eval function to insert a new line before the transaction. You will have to paste the new line in as typing it will trigger a search.

sourcetype=cisco_esa | eval _raw=_raw+"
"| transaction mid icid dcid

If you are adding this into a config file add a backslash \ before the newline.

Reply

woodcock
Esteemed Legend
‎07-05-2015 05:41 PM

This no longer works in v6.2.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...