I have been trying to get the following sourcetype into Splunk for PI. This whole stanza should go in as 1 event, but I've been unable to keep it from being broken into multiple events:
{
"Parameters": null,
"ID": 2185,
"TimeStamp": "\/Date(1718196855107)\/",
"Message": "User query failed: Connection ID: 55, User: xxxxx, User ID: 1, Point ID: 247000, Type: summary, Start: 12-Jun-24 08:52:45, End: 12-Jun-24 08:54:15, Mode: 5, Status: [-11059] No Good Data For Calculation",
"ProgramName": "sssssss",
"Category": null,
"OriginatingHost": null,
"OriginatingOSUser": null,
"OriginatingPIUser": null,
"ProcessID": 5300,
"Priority": 10,
"ProcessHost": null,
"ProcessOSUser": "SYSTEM",
"ProcessPIUser": null,
"Source1": "piarcset",
"Source2": "Historical",
"Source3": null,
"SplunkTime": "1718196855.10703",
"Severity": "Warning"
},
I have even tried using the default _json that comes with Splunk, but it keeps breaking it into multiple lines/events. Any suggestions would be helpful.
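One possible props.conf stanza for the sample above, as an added example that is not part of the original post: it turns off line merging and breaks events only at the `},` / `{` boundary between objects, then reads the event time from the epoch-milliseconds "TimeStamp" field. Assumptions: the sourcetype name `pi:messagelog` is hypothetical, the raw file looks exactly like the sample (objects separated by a comma, `\/Date(` stored literally), and the stanza is deployed on the instance that parses the data (indexer or heavy forwarder).

```ini
# props.conf (added example; sourcetype name is hypothetical)
[pi:messagelog]

# Do not re-merge lines after breaking; LINE_BREAKER alone decides event boundaries.
SHOULD_LINEMERGE = false

# Break only between a closing brace and the next opening brace.
# The text matched by the first capture group (comma and whitespace/newlines)
# is discarded; "}" stays with the previous event, "{" starts the next one.
LINE_BREAKER = \}(\s*,\s*)\{

# Timestamp: 13-digit epoch milliseconds inside "TimeStamp": "\/Date(...)\/".
# TIME_PREFIX is a regex, so the literal backslash and parenthesis are escaped.
TIME_PREFIX = "TimeStamp":\s*"\\/Date\(
TIME_FORMAT = %s%3N
MAX_TIMESTAMP_LOOKAHEAD = 13
```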