使用 Spunk CLI 搜索时,是否可以在结果之间添加空行?

tag-icon tag-icon command-line splunk
使用 Spunk CLI 搜索时,是否可以在结果之间添加空行?

我正在使用 RHEL 6.10 并使用 Splunk CLI 查找“事务”(结果组)。它正在搜索rtvscand日志行。

/opt/splunk/bin/splunk search \
'syslog_source=rtvscand
| transaction host syslog_source
      startswith="Scan started" endswith="Scan Complete"'

搜索返回一组连续打印的结果,如我的第一组输出行所示。我希望每个单独的结果(在本例中为每笔交易)都用空行分隔,如我的第二组输出行所示,因为交易的开始和结束位置并不总是很明显。例如。

2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete:  Threats: 
0   Scanned: 70225   Files/Folders/Drives Omitted: 0
2018-09-08T13:00:03.596346+00:00 hostname rtvscand: Scan started on selected 
drives and folders and all extensions.
2018-09-08T13:00:04.966009+00:00 hostname rtvscand: Scan Complete:  Threats: 
0   Scanned: 0   Files/Folders/Drives Omitted: 0
2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected 
drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files 
inside /root/latest-defs-linux due to extraction errors encountered by the 
Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete:  Threats:
0   Scanned: 3408   Files/Folders/Drives Omitted: 1

有没有办法指定 Splunk CLI 应该在每个事务之间放置一个空白行,以便它看起来像这样?

2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete:  Threats: 
0   Scanned: 70225   Files/Folders/Drives Omitted: 0

2018-09-08T13:00:03.596346+00:00 hostname rtvscand: Scan started on selected 
drives and folders and all extensions.
2018-09-08T13:00:04.966009+00:00 hostname rtvscand: Scan Complete:  Threats: 
0   Scanned: 0   Files/Folders/Drives Omitted: 0

2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected 
drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files 
inside /root/latest-defs-linux due to extraction errors encountered by the 
Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete:  Threats:
0   Scanned: 3408   Files/Folders/Drives Omitted: 1

相关内容