Background information about my environment:
Distributed environment with CM server, clustered indexers (two indexers), two search heads (not clustered).
We have the F5 Network Apps that helps with the ingestion of our BigIP logs. We are experiencing extensive line breaking issues. Splunk isn't breaking each event into one log entry. We have tried countless LINE_BREAKING attributes. Our current props.conf attributes are as follows:
[f5:bigip:apm:syslog]
SHOULD_LINEMERGE = false
LINE_BREAKER = ^(\w{3})\s(\d{2})\s(\d{2}):(\d{2}):(\d{2})
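An added example, not part of the original post and not Splunk's own code: a small Python model of the documented LINE_BREAKER rule (the previous event ends where the first capture group starts, the next begins where it ends, and the group's text is discarded), run over the posted regex. The sample log lines are constructed, `NEWLINE_ONLY` is a hypothetical alternative pattern, and treating `^` as matching at every line start is an assumption of this model.

```python
import re

# Constructed sample: three syslog lines in the shape the posted regex expects.
SAMPLE = (
    "Oct 12 10:00:01 bigip1 notice apmd[1234]: session a1 created\n"
    "Oct 12 10:00:02 bigip1 notice apmd[1234]: session a1 policy allow\n"
    "Oct 12 10:00:03 bigip1 notice apmd[1234]: session a1 deleted\n"
)

# The LINE_BREAKER from the post, unchanged.
POSTED = r"^(\w{3})\s(\d{2})\s(\d{2}):(\d{2}):(\d{2})"
# Hypothetical alternative: group 1 holds only the newline run, and a
# lookahead requires a timestamp to follow without consuming it.
NEWLINE_ONLY = r"([\r\n]+)(?=\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})"


def break_events(stream, line_breaker):
    """Model of the documented rule: the previous event ends where capture
    group 1 starts, the next begins where it ends, group 1 is discarded."""
    # Assumption: re.MULTILINE so that ^ can match at every line start.
    pattern = re.compile(line_breaker, re.MULTILINE)
    events, pos = [], 0
    for m in pattern.finditer(stream):
        events.append(stream[pos:m.start(1)])
        pos = m.end(1)
    events.append(stream[pos:])
    # Drop empty pieces and trailing newlines for readability.
    return [e.strip("\r\n") for e in events if e.strip("\r\n")]


def lost_timestamp(events):
    """Events that no longer start with a month abbreviation."""
    return [e for e in events if not re.match(r"[A-Z][a-z]{2}\s", e)]


if __name__ == "__main__":
    for name, rx in (("posted", POSTED), ("newline-only", NEWLINE_ONLY)):
        events = break_events(SAMPLE, rx)
        print(name, len(events), "events,", len(lost_timestamp(events)), "missing month")
        for e in events:
            print("   ", repr(e))
```

In this model the posted pattern puts the month abbreviation in group 1, so every event loses it, while the newline-only pattern keeps each timestamp intact.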