Thank for the reply Rob. I am sorry to confuse you with the lack of detail in the post. I have a log file where 8 lines in the middle are getting truncated. I want to set my source type configuration so they donot get truncated. Here is the original log file
"AppData" : {
"user_info" : {
"USERID" : "",
"USER_CHICAGO_ID" : "",
"USER_PASSWORD" : "*****",
"USER_LAST_NAME" : "",
"USER_FIRST_NAME" : "",
"DEPT_ID" : "",
"USER_STAR_BADGE" : "",
"USER_TYPE_CD" : "",
"USER_EMAIL" : "",
"SECUR_ROLE_ID" : "",
"USER_STATUS_CD" : "",
"USER_STATUS_DATE" : "",
"CREATE_TIMESTAMP" : "",
"CREATE_USERID" : "",
"UPDATE_TIMESTAMP" : "2018-06-27 09:39:13.0",
"UPDATE_USERID" : ""
},
"image_info" : {
"image_key" : "359764084248580-img15_jpg-1539965048401",
"image_len" : 903988,
"create_time" : 1539965048401,
"location" : {
Here is what splunk is extracting
},
"AppData" : {
"user_info" : {
"USERID" : "607",
"USER_CHICAGO_ID" : "",
"USER_PASSWORD" : "",
"USER_LAST_NAME" : "",
"USER_FIRST_NAME" : "",
"DEPT_ID" : "13",
"USER_STAR_BADGE" : "",
"USER_TYPE_CD" : "",
"USER_EMAIL" : "",
"SECUR_ROLE_ID" : "",
"USER_STATUS_CD" : "",
"create_time" : ,
"location" : {
If you see the lines between "USER_STATUS_CD" : "", and "create_time" : , are missing. I don't want those lines are missing. I want Splunk to extract those lines too.
... View more