Channel: Questions in topic: "splunk-enterprise"

Is there a way for a Splunk forwarder to merge different lines into one event?

Hello, I am just getting into Splunk and wondering if I can set the forwarder (maybe a heavy forwarder) to merge different lines into one event. The lines are not necessarily one after the other. I want to merge them by some unique ID. Is it possible? Maybe not in the forwarder? If it is not possible, what is the recommended way to handle this? Thanks!
