If you are using the SPL2 Pipeline Builder, you must escape any backslash ( \ ) characters. These examples assume that you have added the function to your pipeline.

Default: 10000 Example in Canvas View: 5000

Examples

Examples of common use cases follow.

The rounds down line length when this attribute would otherwise land mid-character for multibyte characters.

Default: + Example in Canvas View: +

truncate Syntax: a non-negative integer Description: The default maximum line length, in bytes.

Example in Canvas View: MAX_EVENTS=3 MUST_NOT_BREAK_BEFORE=^.*fifth SHOULD_LINEMERGE=true BREAK_ONLY_BEFORE_DATE=false

Optional arguments

line_breaker Syntax: Regular expression Description: A regular expression that determines how the incoming data is broken into initial events, before line merging takes place.

See configure event line breaking in the Splunk Enterprise documentation for a description of available line breaking attributes.

The line breaking stanza configurations from props.conf.

props_conf Syntax: string Description: Required if you are using the config linebreak_type.

Use this break type if you want to reuse and migrate your existing props.conf line_breaking settings to the.

The default pattern is +, which breaks data into an event for each line, delimited by any number of carriage return (\r) or newline (\n) characters.

Break events based on an existing line breaking props.conf configuration.

This setting uses built-in timestamp rules to detect timestamps.

Break events based on a custom regular expression pattern.

Creates a new event when another timestamp is detected.

Example in Canvas View: auto

Break Type

Break events based on the location of timestamps in the data, and merges lines after the timestamp.

All three of these break types perform line merging after breaking by default.

Linebreak linebreak_type = config props_conf =

Required arguments

linebreak_type Syntax: auto | advanced | config Description: See the table for a description of each break type.
Linebreak linebreak_type = advanced line_breaker = truncate =

Function Output collection> This function outputs collections of records with schema R.

Function Input/Output Schema

Function Input collection> This function takes in collections of records with schema R.

See the "Examples" section for examples on how to use this function.

This function must be added immediately after the source function or, in the case there are multiple sources, after the union of sources.