I am using RHEL 6.10 and the Splunk CLI to look for "transactions" (groups of results). It is searching rtvscand log lines.
/opt/splunk/bin/splunk search \
'syslog_source=rtvscand
| transaction host syslog_source
startswith="Scan started" endswith="Scan Complete"'
The search returns a group of results printed one after another, as shown in my first set of output lines. I would like each individual result (in this case each transaction) to be separated by a blank line, as shown in my second set of output lines, because it is not always obvious where a transaction starts and ends. For example:
2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 70225 Files/Folders/Drives Omitted: 0
2018-09-08T13:00:03.596346+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T13:00:04.966009+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 0 Files/Folders/Drives Omitted: 0
2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files
inside /root/latest-defs-linux due to extraction errors encountered by the
Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 3408 Files/Folders/Drives Omitted: 1
Is there a way to tell the Splunk CLI to put a blank line between each transaction, so that it looks like this?
2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 70225 Files/Folders/Drives Omitted: 0

2018-09-08T13:00:03.596346+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T13:00:04.966009+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 0 Files/Folders/Drives Omitted: 0

2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files
inside /root/latest-defs-linux due to extraction errors encountered by the
Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 3408 Files/Folders/Drives Omitted: 1
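One way to get the blank-line separation described in the question is to post-process the CLI output with the same start/end markers the `transaction` command uses. The following is an added example, not part of the original post and not a Splunk feature; it assumes the CLI prints one syslog line per row and that every transaction is bounded by a "Scan started" and a "Scan Complete" line, and the sample input is constructed to mirror the question's rtvscand lines.

```python
"""Post-process Splunk CLI output: blank line between rtvscand transactions.

Added example, not part of the original post. Assumes the CLI prints one
syslog line per row, with each transaction bounded by the "Scan started" and
"Scan Complete" markers used in the question's startswith=/endswith= clauses.
"""
import re
import sys
from typing import Iterable, List

START_RE = re.compile(r"rtvscand: Scan started")  # startswith="Scan started"
END_RE = re.compile(r"rtvscand: Scan Complete")   # endswith="Scan Complete"

def group_transactions(lines: Iterable[str]) -> List[List[str]]:
    """Group lines into transactions. Lines between a start and its end
    (e.g. "Could not scan ...") stay in the open group; a start marker seen
    while a group is open closes it, so a missing end marker loses nothing."""
    groups: List[List[str]] = []
    current: List[str] = []
    for raw in lines:
        line = raw.rstrip("\n")
        if not line.strip():
            continue  # ignore blank lines already present in the input
        if START_RE.search(line) and current:
            groups.append(current)
            current = []
        current.append(line)
        if END_RE.search(line):
            groups.append(current)
            current = []
    if current:
        groups.append(current)
    return groups

def separate_transactions(text: str) -> str:
    """Return the output with one blank line between consecutive transactions."""
    groups = group_transactions(text.splitlines())
    return "\n\n".join("\n".join(g) for g in groups) + "\n"

# Constructed sample modelled on the question's rtvscand lines (not real output).
SAMPLE = """\
2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete: Threats: 0 Scanned: 70225 Files/Folders/Drives Omitted: 0
2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files inside /root/latest-defs-linux due to extraction errors encountered by the Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete: Threats: 0 Scanned: 3408 Files/Folders/Drives Omitted: 1
"""
if __name__ == "__main__":  # usage: splunk search '...' | python3 this_script.py
    sys.stdout.write(separate_transactions(sys.stdin.read()))
```

Piping the `splunk search` command's output into this script prints the same lines with one blank line after every "Scan Complete" row, which is the layout the second listing above shows.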