About mv059

mv059 · ‎08-17-2020

Thanks for your input so i was missing the start of line in my regex

mv059 · ‎08-17-2020

Hi I am facing a challenge with some of the splunk logs being merged as a one event. I have tried breaking them by updating below in splunk forwarder config but doesnt't work. can someone suggest what i am missing here props.conf in local ########## APPLICATION SERVERS ###### [default] SHOULD_LINEMERGE = false [event_logservice] SHOULD_LINEMERGE = false LINE_BREAKER= (\d{4}-\d{2}-\d{2}\s+\d+:\d+:\d+.\d+\s+-\d+\s+Event) MAX_TIMESTAMP_LOOKAHEAD = 75 TRUNCATE = 0 Additional details : Logs are being written to files by logstash and then forwarder is reading and pushing data My log file : 2020-08-17 14:49:21.161 -0700 Event log_level="info" build_id="HEAD (d3b8457cc9)" bzdate="20200817" serial_no="KJST45HSS" register="ABC" sessionId="KJST45HSS_20200817_144739196_1" wid="H34-vx-841D6B9C-8158-4975-9AB3-FDB5E9FD80E8" component="Manager" message="adding " 2020-08-17 14:49:21.163 -0700 Event log_level="info" build_id="HEAD (d3b8457cc9)" bzdate="20200817" serial_no="KJST45HSS" register="ABC" sessionId="KJST45HSS_20200817_144739196_1" wid="H34-vx-841D6B9C-8158-4975-9AB3-FDB5E9FD80E8" component="Manager" message="adding completion " ** example above 2 rows and shown merged in splunk.. and it is happending randomly for other log events also.

Posts	2
Solutions	0
Karma Given	1
Karma Received	0
Member Since	‎08-17-2020

Online Status	Offline
Date Last Visited	‎08-17-2020 09:39 PM

Log events are being merged for few cases

Re: Log events are being merged for few cases

Log events are being merged for few cases

Join the Conversation

Log events are being merged for few cases

Re: Log events are being merged for few cases

Log events are being merged for few cases