If you want to do this, you'll need to define your own sourcetype via props and transforms. And then specify this sourcetype when you oneshot the data.
If you want to do this, you'll need to define your own sourcetype via props and transforms. And then specify this sourcetype when you oneshot the data.
Could you please provide more clarification?
Regards,
Ahmed
I created a bash script that include the oneshot command:
$SPLUNK add oneshot "$HOME/data.txt" -index myindex -hostname host1 -sourcetype datasource1
Then I realise my data log is all in one chunk - http://imgur.com/WD56m0y
Therefore I want to Event breaks at at every line when indexing the data via bash script command
Is there a augment for oneshot command to allow this option?