I have a very noisy app log. I want to use Splunk's indexer to filter only relevant data and index them. Basically I need to match a string 'Error', only forward the matched line and the line preceding that one for indexing. In other words, I need to do a grep and a grep -B1 for the string Error. Then, I only want to index those events using Splunk's indexer filtering. How do I do that?

Example: I have this log data

INFO: Task1
INFO: OK
INFO: Task 2
ERROR: exception xyz

Here, I only want to capture and index this:

INFO: Task 2
ERROR: exception xyz