Hi all,
I have an XML log file that looks something like this.
<matrix>
  <datasource>
    <name>ABC</name>
  </datasource>
  <datasource>
    <name>XYZ</name>
  </datasource>
  <datasource>
    <name>EFG</name>
  </datasource>
  <datasource>
    <name>RST</name>
  </datasource>
</matrix>
Basically, this is one big file that updates itself every 5 minutes and should be
read as a single entry for each refresh. Unfortunately, Splunk reads that
separately and chops them up when parsing.
Is there a way to tell Splunk that it should read from and end at
for each event?