Hi All,
I have the logs in the below format, which are stored in an S3 bucket:
1567295878959445,hostname,ip,id,session,operation,db,query
The first field I believe is the Unix timestamp. When I integrate those logs with the Splunk Add-on for AWS, the line breaking is not happening as per the timestamp. Below is the sample log that I am receiving in Splunk. The log is not breaking based on the timestamp, as you can see below.
1567295878959445,hostname,ip,id,session,operation,db,query,1567295878959550,hostname,ip,id,session,operation,db,query'
Could anyone advise the configuration in props.conf to break these logs as per the timestamp? Ideally the log should look like below in Splunk:
1567295878959445,hostname,ip,id,session,operation,db,query -log1
1567295878959550,hostname,ip,id,session,operation,db,query' -log2
Regards,
Samad
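Added example, not from the poster or from the Splunk Add-on for AWS: it shows a LINE_BREAKER regex that places the event boundary before each 16-digit epoch-microsecond field, emulates Splunk's behaviour of discarding the first capture group (assumed semantics) on the constructed sample from the post, and parses the microsecond epoch. The sourcetype name and the `%s%6N` TIME_FORMAT are assumptions, as is the stanza as a whole.

```python
import re
from datetime import datetime, timezone
from typing import List, Tuple

# Constructed sample mirroring the post: two records that arrived joined by a comma.
RAW = ("1567295878959445,hostname,ip,id,session,operation,db,query,"
       "1567295878959550,hostname,ip,id,session,operation,db,query'")

# Regex intended for LINE_BREAKER: break where a comma or newline is followed by a
# 16-digit timestamp and another comma. Splunk discards the text matched by the
# first capture group (the separator), so the comma joining two records disappears.
LINE_BREAKER = r"(,|[\r\n]+)(?=\d{16},)"

# Assumed props.conf stanza; the sourcetype name is a placeholder.
PROPS_CONF = f"""[aws:dbquery:csv]
SHOULD_LINEMERGE = false
LINE_BREAKER = {LINE_BREAKER}
TIME_PREFIX = ^
MAX_TIMESTAMP_LOOKAHEAD = 16
TIME_FORMAT = %s%6N
TZ = UTC
"""


def split_events(raw: str) -> List[str]:
    """Emulate LINE_BREAKER: split on the separator captured by the regex."""
    parts = re.split(LINE_BREAKER, raw)
    # re.split keeps each captured separator as every second element; drop them.
    return [p for p in parts[::2] if p]


def parse_event(event: str) -> Tuple[datetime, List[str]]:
    """Parse the leading 16-digit epoch-microsecond timestamp and the CSV fields."""
    ts_field, *fields = event.split(",")
    if not re.fullmatch(r"\d{16}", ts_field):
        raise ValueError(f"missing epoch-microsecond timestamp: {event[:32]!r}")
    us = int(ts_field)
    # Integer arithmetic keeps the microseconds exact (float division would not).
    ts = datetime.fromtimestamp(us // 10**6, tz=timezone.utc).replace(microsecond=us % 10**6)
    return ts, fields


if __name__ == "__main__":
    print(PROPS_CONF)
    for ev in split_events(RAW):
        ts, fields = parse_event(ev)
        print(ts.isoformat(), fields)
```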