Hi I have the text file with below sample data I have to break the events using
"-------------------------" as event break
abc
text file: 123
name: 235
list: 6363
dfdf
text file: df
name: ggg
list: fdgdfg
abc
text file: 123
name: 235
list: 6363
cds
text file: 1fd3
name: ff35
list: 6sd
Try this
props.conf on indexer/heavy forwarder
[yoursourcetype]
SHOULD_LINEMERGE=false
LINE_BREAKER=([\r\n]+)(?=\-+)
DATETIME_CONFIG=CURRENT
Hi Somesoni, I Have "-------------------------" in the text
I believe the above configuration should do that. Did you get a chance to test it (or share what failed if you've)?
Hi Somesoni,
I have the same problem in splitting the events, I tried your above answer but it is not working.
Here is my requirement, I want to split the log in to multiple events based on the delimiter "========" . So that i will get 3 events in splunk
abc
text file: 123
name: 235
dfdf
text file: df
name: ggg
cds
text file: 1fd3
name: ff35