Hi There,
I have a log file that looks like this (where it says "blank line" is a blank line, not the words "blank line.")
blank line
Thu Aug 11 06:05PM paging-script.sh args: An Incident
11111111 Initial. [Priority 2-High]. Cust:Last, First A (555) 111-2222 DC 5B: Problem Description: 555-555-5555 u
calling page-member.sh auxiliary-ta email@domain.com Incident 11111111 Initial. [Priority 2-High]. Cust:Last, First A (555) 555-5555 DC 5B: Problem Description: 555-555-5555
Thu Aug 11 06:05PM paging-script.sh is complete.
blank line
Every instance of this file share this format. A blank line, followed by the date on the opening line, a line of text, and the closing line, which also starts with the date. Each entry has a blank line before it, and a blank line after it.
Using regex of %a %b %d %R%p I can parse the timestamp, but that means that the first and third lines end up being different records. If I leave event breaks set to Auto, it puts the time stamp on different lines. If I use the regex, it does the same things.
How would I set the source type to use the date format to open and close this code?
↧