I forgot to mention that the text below is a single event (a portion of it):
Even though I have put in a regular expression to split it, I can see a single event is being created and then it gets divided into multiple events as per the regular expression. If my Elasticsearch index size is larger than the maximum rows allowed in an event, the Splunk GUI will fail to show the event, right? Any suggestions on that?
{"nuage_metadata":{"subnetName":"NewYork","subnetId":"5e129b87-38fc-4417-be27-467ede4f999e","zoneName":"Branches","zoneId":"d379e845-1ea5-485c-b8e8-f02cebd9e812","dpgName":null,"spgName":null,"enterpriseName":"VSS","vportId":"30a826b8-e977-43dc-9051-7c1d74833c76","domainName":"VSS_Domain","domainId":"a52428f8-1453-40e0-ab25-ba4f3465a8e8"},"type":"ACL_DENY","value":1,"@version":"1","@timestamp":"2018-06-27T20:35:37.319Z","timestamp":1530058904992}{"nuage_metadata":{"subnetName":"Dallas","subnetId":"8497d32a-c04c-4711-a27c-5a5765e2d8a5","zoneName":"Branches","zoneId":"d379e845-1ea5-485c-b8e8-f02cebd9e812","dpgName":null,"spgName":null,"enterpriseName":"VSS","vportId":"257137d5-24a6-4423-96e0-428f95351405","domainName":"VSS_Domain","domainId":"a52428f8-1453-40e0-ab25-ba4f3465a8e8"},"type":"ACL_DENY","value":2,"@version":"1","@timestamp":"2018-06-27T20:35:37.319Z","timestamp":1530058904992}{"nuage_metadata":{"subnetName":"SanFrancisco","subnetId":"7504cb32-c1e2-447e-b017-84ae9b5c3042","zoneName":"Branches","zoneId":"d379e845-1ea5-485c-b8e8-f02cebd9e812","dpgName":null,"spgName":null,"enterpriseName":"VSS","vportId":"a22e0257-56f4-4c50-815f-3d3b492f7ebf","domainName":"VSS_Domain","domainId":"a52428f8-1453-40e0-ab25-ba4f3465a8e8"},