==============================================
**Command: C:\cmd command - xxx..
Started at: 12/04/2017 07:03:02
Finished at: 12/04/2017 07:06:03 with code 0**
==============================================
**Command: C:\cmd command - xxx..
Started at: 12/04/2017 07:03:02
Finished at: 12/04/2017 07:06:03 with code 0**
==============================================
**Command: Command\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
Started at: 12/04/2017 07:06:03
Command output:
c:># xxxxxxxxxxxxxxxxxxx......
c:>xxxxxxxxxxxxxxxxxxxx
Finished at: 12/04/2017 07:06:25 with code 0**
==============================================
**Command: C:\cmd command - xxx..
Started at: 12/04/2017 07:06:25
Finished at: 12/04/2017 07:06:28 with code 0**
Individual log entries begin and end with a '====' separator.
Since the timestamp entries are seamless across logs, finished and new log parsing is erratic.
Tried putting the following prop.conf at $SPLUNK_HOME/system/local:
[source_type]
LINE_BREAKER = [=]+
BREAK_ONLY_BEFORE_DATE = false
SHOULD_LINEMERGE = true
DATETIME_CONFIG = NONE
MUST_BREAK_AFTER = [=]+
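A reference splitter for the log format shown in the question, added here as an example and not part of the original post: it breaks entries only on the `====` separator lines, so the boundaries do not depend on the timestamps, and its output can be compared with the events the indexer produces. The sample text is constructed from the post's excerpt, and the day/month order of the timestamps and the names `parse_entries`, `SEPARATOR`, `FIELDS` and `TS_FORMAT` are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format shown in the post (contents are placeholders).
SAMPLE = """\
==============================================
**Command: C:\\cmd command - xxx..
Started at: 12/04/2017 07:03:02
Finished at: 12/04/2017 07:06:03 with code 0**
==============================================
**Command: Command\\xxxx...
Started at: 12/04/2017 07:06:03
Command output:
c:># xxxx......
c:>xxxx
Finished at: 12/04/2017 07:06:25 with code 0**
==============================================
**Command: C:\\cmd command - xxx..
Started at: 12/04/2017 07:06:25
Finished at: 12/04/2017 07:06:28 with code 0**
"""

SEPARATOR = re.compile(r"^={4,}[ \t]*$", re.MULTILINE)
FIELDS = re.compile(
    r"Command: (?P<command>.*?)\n"
    r"Started at: (?P<started>[\d/]+ [\d:]+)\n"
    r"(?:Command output:\n(?P<output>.*?)\n)?"
    r"Finished at: (?P<finished>[\d/]+ [\d:]+) with code (?P<code>-?\d+)",
    re.DOTALL,
)
# Assumption: day/month/year; swap %d and %m if the producer writes month first.
TS_FORMAT = "%d/%m/%Y %H:%M:%S"

def parse_entries(text):
    """Split on '====' separator lines only, then extract fields per entry."""
    entries = []
    for chunk in SEPARATOR.split(text.replace("\r\n", "\n")):
        chunk = chunk.strip().strip("*")
        if not chunk:
            continue
        m = FIELDS.search(chunk)
        if m is None:  # incomplete entry, e.g. the command is still running
            entries.append({"raw": chunk, "complete": False})
            continue
        entry = dict(m.groupdict(), complete=True, code=int(m["code"]))
        for key in ("started", "finished"):
            entry[key] = datetime.strptime(entry[key], TS_FORMAT)
        entries.append(entry)
    return entries
```
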