Suppose I have a log file having 11 lines like below having two line same as in G:
A
B
C
G
D
E
F
G
H
I
J
Now in Splunk, when I am searching index=something host=something source=something "G" .. I am getting output as expected. but When I am giving keyword as "J" , I want G also to be displayed in the events but unfortunately I see Splunk is displaying each line of the log in each event.
How can I change that ? My requirement is the line should break in G so that all of my events should have G. and the last event should have J with G . Hope I am able to make you understand.
nope.. not able to follow you..
My requirement is the line should break in G so that all of my events should have G ///
when you search for G, you will get two events with "G".. do you want "A
B
C
G
D
E
F
G " ???
and the last event should have J with G ///
not sure, how the last event J should have G ?!?!?
maybe, if you update us the real issue, we can find some ideas like linebreaking, etc..
Okay,, so my requirement is , the line should break in this way:
A
B
C
G
D
E
F
G
H
I
J
If I have two G(which is the search keyword in splunk) in the log , then there should be two events generated.