Channel: Questions in topic: "splunk-enterprise"

How to execute searches successfully for multiline events with truncated text?

I am facing a problem and I need some advice/help. I am sorry if it sounds silly but I am new to Splunk and couldn't find an answer so far. I am a regular Splunk user with no access to the server at all, nor to configurations etc. The configuration cannot be changed and I am supposed to take advantage of its stats graphs as is. I have built a script that writes log entries to a syslog, which is captured by Splunk. These log entries seem to be bigger than supported, thus they are broken into several lines. The problem is that the log is truncated no matter where in the string and I have some keys truncated right in the middle. For example: I want to search for the key "this_is_my_key", but it's not found as it's split into 2 log entries. The first line ends with "this_is_m" and the second starts with "y_key". Therefore "this_is_my_key" is not found. Is there a way to perform this search successfully? Thank you guys.
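The question says the sending script is under the author's control, so one sender-side option is to split long entries at token boundaries before they reach syslog. This is an added example, not code from the original post; `MAX_LEN`, the space-separated `key=value` layout, the `id`/`part` fields and the sample line are all assumptions.

```python
# Added example. MAX_LEN and the key=value layout are assumptions; the page
# does not state the real size limit or the real log format.
MAX_LEN = 64

# Constructed sample line: "this_is_my_key" starts at offset 55, so a cut at
# offset 64 lands in the middle of it, as in the question.
SAMPLE = ("host=web01 action=update status=ok user=alice code=200 "
          "this_is_my_key=42 trailing=value")


def naive_split(message, limit=MAX_LEN):
    """Fixed-width cut: reproduces the mid-key truncation described above."""
    return [message[i:i + limit] for i in range(0, len(message), limit)]


def boundary_split(message, msg_id, limit=MAX_LEN):
    """Pack whole space-separated tokens into events no longer than `limit`.

    Every event starts with "id=<msg_id> part=<n>" so the pieces of one
    logical entry can be grouped again at search time.
    """
    events, current, part = [], [], 1

    def header(n):
        return f"id={msg_id} part={n}"

    for token in message.split():
        candidate = " ".join([header(part)] + current + [token])
        if len(candidate) > limit and current:
            # Adding this token would overflow: emit what we have so far.
            events.append(" ".join([header(part)] + current))
            part += 1
            current = []
        if len(f"{header(part)} {token}") > limit:
            # A single token that cannot fit in one event cannot be kept whole.
            raise ValueError(f"token too long for one event: {token[:20]}...")
        current.append(token)
    if current:
        events.append(" ".join([header(part)] + current))
    return events


if __name__ == "__main__":
    for line in naive_split(SAMPLE):
        print("naive   :", line)
    for line in boundary_split(SAMPLE, "a1"):
        print("boundary:", line)
```
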
