My Search query:
source="test source" "AggCd" AND "test2# " AND "TransTypeCd " AND (NOT ("test2# null")) | rex "test2# (?<test_no>\d+),"| where (!isnum(test_no))
Search result (5 lines being returned):
[11/28/11 0:59:57:958 EST] 000027ad SystemOut O AggCd , RqUID 2011-11-28T00:59:57-05:0033999785, test# 20412042, TransTypeCd PE, SubTransTypeCd , Term CURRENT, Status 00
[11/28/11 0:59:57:973 EST] 000027b4 SystemOut O AggCd , RqUID 70485b0a-42f8-99f2-efd78929db9f, test2# 6759 !47, TransTypeCd RQ,
[11/28/11 0:59:57:977 EST] 000027b4 SystemOut O AggCd , RqUID 7048ab0a-42f8-99f2-efd78929db9f, TransTypeCd RQ, MAILER 15 ms
[11/28/11 0:59:58:006 EST] 000027b0 SystemOut O Host requesting current state inquiry on
[11/28/11 0:59:58:017 EST] 000027b4 SystemOut O AggCd , RqUID 7048546-42f8-99f2-efd78929db9f, TransTypeCd RQ,
Question:
I want to search for one line at a time not a collection of indexed lines.
I don't want to change SHOULD_LINEMERGE to "false" in props.conf (default is true).
... View more