cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
sarithbabu
Engager
Member since: ‎01-25-2022
‎01-29-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-25-2022
Activity Feed
View All

Re: Join multiple lines using free text

by in Splunk Search
‎01-25-2022 03:59 PM
‎01-25-2022 03:59 PM
Wow... This code worked.     Thank you so much.     ... View more

Join multiple lines using free text

by in Splunk Search
‎01-25-2022 11:26 AM
‎01-25-2022 11:26 AM
I was trying to join multiple lines generated in /var/log/secure. I tried with transaction but looks like that doesn't work in this case. Below is the example of secure file.  In this case, I want to combine all these lines based on a common text "sshd[288792]". Your help on this would be really appreciated. I cannot search with same keyword as id in this sshd "288792" will be different for each sessions.  Jan 25 18:34:06 SERVER1 sshd[288792]: Connection from xxx.xxxx.xxx.xxx port xxxx on xxx.xxx.xxx.xxx port xx Jan 25 18:34:10 SERVER1 sshd[288792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid= Jan 25 18:34:10 SERVER1 sshd[288792]: pam_sss(sshd:auth): User info message: Your password will expire Jan 25 18:34:10 SERVER1 sshd[288792]: pam_sss(sshd:auth):  success; logname= uid=0 euid=0 Jan 25 18:34:10 SERVER1 sshd[288792]: Accepted  for xxxx from xxx.xxx.xxx.xxx port xxxxx xxx Jan 25 18:34:10 SERVER1 sshd[288792]: pam_unix(sshd:session): session opened for user xxxxx by (uid=0) Jan 25 18:34:10 SERVER1 sshd[288792]: User child is on pid 289788     ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-29-2022 03:45 AM