I am a new Splunk user and I am having difficulties resolving this problem. I have an XML log file as an input, structured like this:
<LOG>
<DATE>DDMMYYYY</DATE>
<TIME>HHMMSS</TIME>
<CC>\d{16}</CC>
<AMOUNT>\d+\.\d{2}</AMOUNT>
</LOG>
where logs are separated by the LOG tag. What do I need to do to make Splunk correctly read the timestamp that is separated into two lines (DATE and TIME)?