what is the equivalent of Splunk should_linemerge in Cribl?

Srinath Dayala · November 26

I am getting data into Cribl and it is by default breaking on each line (also when there is no timestamp). So, i have added manual event breaking based on timestamp. But it still the same behavior. Is there a way to disable line breaking on each line?

Srinath Dayala · November 26

Also tried with regex event breaking. that also not working.

Jon Rust · November 26

If you can provide a sample of your event data structure, I might be able to provide an event breaker.

Also, please review this blog and video

what is the equivalent of Splunk should_linemerge in Cribl?

Answers

Categories