Hi All,
I have logs in the format below, which are stored in an S3 bucket:
1567295878959445,hostname,ip,id,session,operation,db,query
The first field, I believe, is the Unix timestamp. When I integrate those logs with the Splunk Add-on for AWS, the line breaking does not happen as per the timestamp.
Below is a sample log as I am receiving it in Splunk. The log is not being broken on the timestamp, as you can see:
1567295878959445,hostname,ip,id,session,operation,db,query,1567295878959550,hostname,ip,id,session,operation,db,query'
Could anyone advise on the configuration in props.conf to break these logs as per the timestamp? Ideally, the logs should look like the following in Splunk:
1567295878959445,hostname,ip,id,session,operation,db,query -log1
1567295878959550,hostname,ip,id,session,operation,db,query' -log2
Regards,
Samad
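One way to split such records, as an added example that is not part of the original post or the Splunk Add-on for AWS: a props.conf stanza that breaks events on the comma that precedes a 16-digit epoch value and parses that value as a microsecond Unix timestamp. The sourcetype name `aws:s3:querylog` is a placeholder; substitute the sourcetype your S3 input actually assigns, and deploy the stanza where parsing happens (indexer or heavy forwarder), not on the search head.

```ini
# Added example, not from the original post. Assumes the S3 input
# assigns sourcetype "aws:s3:querylog" (placeholder) and that every
# record starts with a 16-digit microsecond epoch followed by a comma.
[aws:s3:querylog]
# Break only where a comma is immediately followed by the next
# record's timestamp. LINE_BREAKER requires a capture group; the
# captured comma is discarded, so each event starts at its timestamp.
LINE_BREAKER = (,)(?=\d{16},)
# Keep the freshly split records as single-line events.
SHOULD_LINEMERGE = false
# The timestamp is the first field, so look no further than 16 chars.
TIME_PREFIX = ^
MAX_TIMESTAMP_LOOKAHEAD = 16
# Epoch seconds plus six subsecond digits (microseconds).
TIME_FORMAT = %s%6N
```

Check the result on a small sample with the Add Data preview before indexing: if the query field can itself contain a 16-digit number followed by a comma, the lookahead would split there too, so tighten it with whatever fixed text follows the timestamp in your real records (for example the hostname pattern).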