Dears,
I have an app which generates logs in the following pattern:
```
----------------------------------------
Timestamp: 2019-08-23 14:00:01.545
UserLogin: ascache
UserId: -1
Severity: Information
Message: REQUEST
----------------------------------------
----------------------------------------
Timestamp: 2019-08-23 14:00:02.949
UserLogin: Gistt
UserId: -1
Severity: Information
Message: REQUEST
----------------------------------------
----------------------------------------
Timestamp: 2019-08-23 14:00:24.634
UserLogin: rerwer
UserId: 3254
Severity: Information
Message: xxxx
----------------------------------------
```
Every `event` is encapsulated between `----------------------------------------` characters. I'm trying to have Splunk break this accordingly, but I'm failing.
I've tried the following stanzas (commented out are ones that failed, uncommented also fail...):
```
# [APP-Trace.log]
# LINE_BREAKER = \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
#
# [APP-PerformanceLogs.log]
# LINE_BREAKER = \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
# # 13:51 2019-08-29
# [APP-Trace.log]
# LINE_BREAKER = \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\s+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
# [APP-PerformanceLogs.log]
# LINE_BREAKER = \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\s+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
[APP-Trace.log]
LINE_BREAKER = \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
SHOULD_LINEMERGE = false
[APP-PerformanceLogs.log]
LINE_BREAKER = \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
SHOULD_LINEMERGE = false
```
Can you please assist how to properly capture this?
Thank you,
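
An offline check of the event breaking asked about above, as an added example that is not part of the original post: it models the `LINE_BREAKER` rule from Splunk's props.conf documentation (the pattern must contain a capturing group; the text matched by the first group is discarded and marks the event boundary) and runs it over the sample log. The `CANDIDATE` pattern, the function names and the choice to reject patterns without a group are assumptions of this sketch, not Splunk's implementation.

```python
import re

# Candidate pattern (an assumption, not from the post): group 1 spans one or
# more consecutive 40-dash separator lines, including the preceding newline.
CANDIDATE = r"((?:[\r\n]*-{40}[\r\n]+)+)"
POSTED = r"\-" * 40  # pattern from the post: forty escaped dashes, no group

SEP = "-" * 40
# Constructed sample that mirrors the three events shown in the post.
SAMPLE = "\n".join([
    SEP, "Timestamp: 2019-08-23 14:00:01.545", "UserLogin: ascache",
    "UserId: -1", "Severity: Information", "Message: REQUEST", SEP,
    SEP, "Timestamp: 2019-08-23 14:00:02.949", "UserLogin: Gistt",
    "UserId: -1", "Severity: Information", "Message: REQUEST", SEP,
    SEP, "Timestamp: 2019-08-23 14:00:24.634", "UserLogin: rerwer",
    "UserId: 3254", "Severity: Information", "Message: xxxx", SEP,
]) + "\n"

def break_events(raw, line_breaker):
    """Split raw text as documented for LINE_BREAKER: group 1 is discarded;
    its start ends one event and its end starts the next."""
    rx = re.compile(line_breaker)
    if rx.groups < 1:
        # Model's choice: the documented rule is undefined without a group.
        raise ValueError("LINE_BREAKER needs a capturing group")
    events, start = [], 0
    for m in rx.finditer(raw):
        if m.start(1) < 0:          # group 1 did not take part in this match
            continue
        events.append(raw[start:m.start(1)])
        start = m.end(1)
    events.append(raw[start:])
    return [e for e in events if e.strip()]

def parse_event(event):
    """Turn the 'Key: value' lines of one event into a dict."""
    return dict(l.split(": ", 1) for l in event.splitlines() if ": " in l)

def check(line_breaker):
    """Return the parsed events, or the reason the pattern is rejected."""
    try:
        return [parse_event(e) for e in break_events(SAMPLE, line_breaker)]
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    print(check(POSTED), *check(CANDIDATE), sep="\n")
```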