Hi Team,
We got a request to monitor the config file and raw data would be like this as mentioned below: But while indexing Splunk is taking each and every line in the config file as a separate event and splitting it instead of keeping it as a single event. We want the data to be a single event rather than segregating into multiple events so kindly help on this request.
Our main aim is to pull the full contents of each config file as a single log entry.
↧