Thanks, I tested this. I am getting 100 new raw_ columns with empty values. Not sure what's happening.
Let me illustrate the problem. Here's the log file:
09-15-2015 00:01:01 INFO: Blah I did something cool
09-15-2015 00:01:02 INFO: Blah I did something cool again
09-15-2015 00:01:03 WARN: Blah Somebody did, I hear it
09-15-2015 00:01:02 WARN: Blah That was'nt cool after all
09-15-2015 00:01:04 WARN: BLah Somebody did, I smell it
09-15-2015 00:01:05 INFO: Look at moon its shiny today
09-15-2015 00:01:08 ERROR: Ooppps wetted the pants
I set up a Splunk alert on "ERROR". I want to get the entire history of the previous lines, along with the alert.