Hi ,
Here is the sample log along with the line numbers mentioned ,which I am trying to upload to Splunk.
1 ) a
2 ) a1
3 ) a2
4 ) a3
5 ) a4
6 ) a5
7 ) begin script 2013-01-15 02:26:27::Status :0
8 ) Run_Job ::2013-01-15 02:26:27::pmcmd Return Code=0
9 ) Run_Job ::2013-01-15 02:26:27::Workflow wf_FF completed Successfully..
10 ) _Upd_DT_ID ::2013-01-15 02:30:14::Update Max Date in for JOB STREAM ID wf_FF
11 ) *** Warning: EOF on INPUT stream.
12 ) *** Warning: EOF on INPUT stream.
13 ) :: .ksh::2013-01-15 02:30:15::Last Extract ID/LAST Extract DATE and SOURCE_FLAT_FILE_NAME updated successfully.
14 ) *** Warning: EOF on INPUT stream.
15 ) *** Warning: EOF on INPUT stream.
16 ) ::2013-01-15 02:30:16::Completed. and updated successfully.
17 ) ::2013-01-15 02:30:16::Removing the session specific Temp file
18 ) ::2013-01-15 02:30:16::Successfully removed Temp file
19 ) ::2013-01-15 02:30:16::End processing for workflow wf_FF
20 ) ### Command completed.
For the first 6 lines splunk assigned the timestamp when it is getting indexed and for the rest it is taking from the log data.
Need the first 6 lines also merged with the second event so that it will get the timestamp from the log.
Thanks in advance.
Anitha.
... View more