I have a text file with semicolon (;) line breaks. It has been indexed in Splunk.
INSERT INTO `account` VALUES ('abc');
INSERT INTO `account` VALUES ('xyz');
INSERT INTO `account` VALUES ('pqr');
INSERT INTO `account` VALUES ('mnp');
When I search for "pqr" it should show only 1 line. It is currently showing the next line "mnp" as well. There is no timestamp in the file and Splunk is still grouping the lines by date-time, e.g. all the lines mentioned above are listed as a group under 06/09/2011 19:01:17.000.
How do I return only one line while searching for 'pqr'?