Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

I have log files. I want to ignore all the lines after a particular line from a log file. Can I do this with the help of sedcmd command? If yes then please tell me how can I do that?

saibal6
Path Finder
‎03-13-2018 04:56 AM

EVENT_SESH;0;01/03/2018 22:57:27:5000;1;1;0;;;END OF IMPORT PROCESS FOR THE MASTER STORE - PENDING_TXT(0)

after this line I want to ignore all the lines before indexing from the log files. Please suggest me how can i do this with the help of sedcmd command. I am using universal forwarder.

Please also tell me the exact path where I have to make changes for props.conf. I'm using windows OS

0 Karma
Reply

JDukeSplunk
Builder
‎03-15-2018 11:02 AM

This answer might help you.

https://answers.splunk.com/answers/594894/blacklist-log-events-not-log-filenames-using-a-str.html

This basically black-holes data that meets a specific regex. Of course, if the lines are not uniform this will be difficult.

http://docs.splunk.com/Documentation/Splunk/7.0.2/Forwarding/Routeandfilterdatad

0 Karma
Reply

saibal6
Path Finder
‎03-13-2018 05:36 AM

forgot to mention my source name (source: D:\CentralData\MONACO)

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...