Why are my events not splitting correctly by times...

yqifan83 · ‎12-01-2016

My props.conf has:

TZ=UTC
TRUNCATE = 0
BREAK_ONLY_BEFORE_DATE = true
TIME_FORMAT = %d%b%Y_%H:%M:%S.%3N
MAX_DAYS_HENCE = 5
MAX_TIMESTAMP_LOOKAHEAD = 24
SHOULD_LINEMERGE = true

My events are like this:

01DEC2016_09:28:00.873 INFO [machine] 348 GMT2016-12-01T09:28:00.792Z (78 ms) [uuid] 17662753 [firm] 9001 [sn] 290501 initialize storage: 
{
    "toastPosition": {
        "x": 400,
        "y": 0
    },
    "toastListSize": {
        "width": 600,
        "height": 190
    },
    "toastPageSize": {
        "width": 300,
        "height": 230
    },
    "columnSizes": {
        "selectedColumnWidth": 30,
        "timestampColumnWidth": 70,
        "dealcodeColumnWidth": 65,
        "aliasColumnWidth": 65,
        "firmnameColumnWidth": 200
    },
    "windowId": "5a2bbf703d160d47bdd7af216868aa40",
    "feedSettings": {
        "showFeed": false,
        "feedFilter": 1,
        "feedWeight": 0.3,
        "feedColPosition": 0.32
    },
    "soundSetting": {
        "customSounds": [],
        "postSound": "Default Sound for New Text",
        "toastSound": "Default Sound for New Toast"
    }
}

01DEC2016_09:28:00.876 INFO [machine] 348 GMT2016-12-01T09:28:00.792Z (81 ms) [uuid] 17662753 [firm] 9001 [sn] 290501 start logging on to IBD2 in main with args: 
{}

01DEC2016_09:28:01.689 INFO [machine] 348 GMT2016-12-01T09:28:01.686Z [uuid] 17662753 [firm] 9001 [sn] 290501 "machine type: ucbr: 2 fxibdsrv: 2 fxibdqsc: 2"

01DEC2016_09:28:01.833 INFO [machine] 348 GMT2016-12-01T09:28:01.728Z (102 ms) [uuid] 17662753 [firm] 9001 [sn] 290501 worker signOn Response: 
{
    "machineType": 2,
    "machineTypeFxibdsvc": 2,
    "machineTypeFxibdqsc": 2,
    "fxaxUser": {
        "uuid": 17662753,
        "dealCode": "BGEU",
        "userNum": 16733059,
        "userCustNum": 6618,
        "firstName": "VINCENT VON",
        "lastName": "ROTZ",
        "fullName": "VINCENT VON ROTZ",
        "isDemo": false,
        "isTest": true,
        "isBbg": true,
        "isBba": true
    },
    "fxpvDealingCode": {
        "bankNumber": 31,
        "firmNumber": 9001,
        "primaryIdentifier": 1,
        "secondaryIdentifier": 3,
        "tertiaryIdentifier": 0,
        "quaternaryIdentifier": 0,
        "streamingName": 1010532,
        "optionsName": 1010532,
        "disclaimer": 1015148,
        "streamingLogo": 31100137,
        "optionsLogo": 41941229,
        "dealingCode": "BGEU",
        "companyName": "BLOOMBERG FX LONDON",
        "active": 1,
        "optionsUsesQuoteEngine": false,
        "enfb_id": "521cce1e1b1c0000",
        "rfqUsesQuoteEngine": false,
        "isBbg": true,
        "isTest": true
    },
    "isTradingEnabled": true,
    "isTeamLead": false,
    "isGrabChatEnabled": false,
    "settings": {
        "enable_toast": true,
        "enable_ib_parsing": false,
        "ibd_textflow_input_rows_expand": 3,
        "ibd_textflow_input_rows_collapse": 2,
        "alias": "",
        "font_size": 14,
        "bring_msg_to_front": false,
        "flash_win_toolbar": false,
        "autostart": false,
        "enable_keyboard_navigation": false,
        "show_pending_requests": false,
        "use_bloomberg_name": true,
        "launch_cnf_on_capture": true,
        "launch_cnf_on_end": false,
        "flash_rqst_or_chat": true,
        "auto_expand": false,
        "use_above_below": false,
        "start_ibd_instead_of_ib_from_tickets": false,
        "focus_on_ack": false,
        "use_all_in_as_ref": false,
        "play_sound_until_picked_up": false,
        "play_sound_for_toast": true,
        "play_sound_on_new_text": true,
        "flash_my_rqsts_tab": false,
        "flash_monitored_tab": false
    },
    "isClassic": true,
    "tcnfEnabled": true
}

01DEC2016_09:28:02.473 INFO [machine] 348 GMT2016-12-01T09:28:02.414Z (56 ms) [uuid] 17662753 [firm] 9001 [sn] 290501 sessionInit success. [accountUrn:] urn:fb-ib-bloomberg-net:BGEU:in=f  [sessionId:] d83fed2195cc0006  [identityUrn:] urn:identity-ib-bloomberg-net:1:0:urn%3Afb-ib-bloomberg-net%3ABGEU%3Ain%3Df:uuid%3D17662753

01DEC2016_09:28:02.533 INFO [machine] 348 GMT2016-12-01T09:28:02.477Z (52 ms) [uuid] 17662753 [firm] 9001 [sn] 290501 sessionInit success. [accountUrn:] urn:fb-ib-bloomberg-net:BGEU:in=t  [sessionId:] d83fed2195cc0005  [identityUrn:] urn:identity-ib-bloomberg-net:1:0:urn%3Afb-ib-bloomberg-net%3ABGEU%3Ain%3Dt:uuid%3D17662753

01DEC2016_09:28:02.893 INFO [machine] 348 GMT2016-12-01T09:28:02.820Z (70 ms) [uuid] 17662753 [firm] 9001 [sn] 290501 successfully logged on to IBD2.

01DEC2016_09:28:02.894 INFO [machine] 348 GMT2016-12-01T09:28:02.820Z (70 ms) [uuid] 17662753 [firm] 9001 [sn] 290501 hide IBD for user

01DEC2016_09:28:02.914 INFO [machine] 348 GMT2016-12-01T09:28:02.836Z (75 ms) [uuid] 17662753 [firm] 9001 [sn] 290501 sending fxibdbus subscription: 
{
    "uuid": 17662753,
    "FxEnvironment": 2
}

01DEC2016_09:28:02.914 INFO [machine] 348 GMT2016-12-01T09:28:02.836Z (74 ms) [uuid] 17662753 [firm] 9001 [sn] 290501 fxibdbus eventHandler, eventType: SERVICEOPEN_RESULT

01DEC2016_09:28:02.914 INFO [machine] 348 GMT2016-12-01T09:28:02.836Z (76 ms) [uuid] 17662753 [firm] 9001 [sn] 290501 fxibdbus eventHandler, eventType: CONNECTED

01DEC2016_09:28:04.114 INFO [machine] 348 GMT2016-12-01T09:28:04.014Z (97 ms) [uuid] 17662753 [firm] 9001 [sn] 290501 fxibdbus eventHandler, eventType: SUBSCRIPTION_RESULT

They are presented in Splunk as one event. But I would like to break them by timestamp.
Why has this happened? How to fix this problem?

inventsekar · ‎12-01-2016

Did you try, SHOULD_LINEMERGE = false ?

inventsekar · ‎12-01-2016

Also did you try, without the MAX_DAYS_HENCE ?!?!

Why are my events not splitting correctly by timestamp?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!