Import entire log as a single message

Comments

  • Monty Yao

    Hi Justin,

    You can parse the output of every 10 minutes as ONE message. You will need to set up a multi-line detection regular expression to match the first line of the whole multi-line message.

    In your example the following looks like a message separator: 

    2018-01-31_00:00:01

    You should set up something like below in the source's multi-line detection.

    ^\d{4}-\d\d-\d\d_\d\d:\d\d:\d\d$

    So that every time Sumo sees that pattern, that's the beginning of a new message.

    HTH,

    Monty


  • Justin Montgomery

    Excellent, thanks Monty, I added the following to my config JSON and it all appears to be working now!

    "useAutolineMatching":false,
    "manualPrefixRegexp":"^\\d{4}-\\d{2}-\\d{2}_\\d{2}:\\d{2}:\\d{2}$"
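
The boundary behaviour discussed in this thread, as an added example (not part of the original posts and not Sumo Logic's code): a Python simulation that decodes the JSON-escaped pattern from the config above and groups lines into messages at each bare timestamp line. The sample log and function names are constructed for illustration, and placing any lines before the first boundary into their own message is an assumption of this sketch.

```python
import json
import re

# Fragment as posted in the thread, wrapped in braces so it parses as JSON.
CONFIG_FRAGMENT = r'''{
    "useAutolineMatching": false,
    "manualPrefixRegexp": "^\\d{4}-\\d{2}-\\d{2}_\\d{2}:\\d{2}:\\d{2}$"
}'''

# Constructed sample: two runs of a periodic job, each starting with a bare
# timestamp line. The last line embeds a timestamp but must NOT split.
SAMPLE_LOG = """\
2018-01-31_00:00:01
Filesystem  Use%
/dev/sda1   41%
2018-01-31_00:10:01
Filesystem  Use%
/dev/sda1   42%
note: last check 2018-01-31_00:00:01 ok
"""


def load_prefix_regexp(fragment):
    """JSON decoding turns each doubled backslash into one, yielding the regex."""
    return re.compile(json.loads(fragment)["manualPrefixRegexp"])


def split_messages(text, boundary):
    """Start a new message at every line that fully matches the boundary regex."""
    messages = []
    for line in text.splitlines():
        # Assumption: lines seen before any boundary form their own message.
        if boundary.match(line) or not messages:
            messages.append([line])
        else:
            messages[-1].append(line)
    return ["\n".join(m) for m in messages]


if __name__ == "__main__":
    regexp = load_prefix_regexp(CONFIG_FRAGMENT)
    for i, msg in enumerate(split_messages(SAMPLE_LOG, regexp), 1):
        print(f"--- message {i} ---\n{msg}")
```

Because the pattern is anchored with both `^` and `$`, only a line consisting of the timestamp alone starts a new message; a timestamp with trailing text stays inside the current message.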
