I'm on RHEL 6.10 and using the Splunk CLI to find "transactions" (groups of results that belong together). The search looks for rtvscand log lines.
/opt/splunk/bin/splunk search \
'syslog_source=rtvscand
| transaction host syslog_source
startswith="Scan started" endswith="Scan Complete"'
The search returns a set of results printed one after another, as shown in my first set of output lines. I would like each individual result (in this case, each transaction) to be separated by a blank line, as shown in my second set of output lines, since it is not always obvious where one transaction begins and another ends. For example:
2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 70225 Files/Folders/Drives Omitted: 0
2018-09-08T13:00:03.596346+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T13:00:04.966009+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 0 Files/Folders/Drives Omitted: 0
2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files
inside /root/latest-defs-linux due to extraction errors encountered by the
Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 3408 Files/Folders/Drives Omitted: 1
Is there a way to tell the Splunk CLI to put a blank line between each transaction so that it looks like this?
2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 70225 Files/Folders/Drives Omitted: 0

2018-09-08T13:00:03.596346+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T13:00:04.966009+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 0 Files/Folders/Drives Omitted: 0

2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files
inside /root/latest-defs-linux due to extraction errors encountered by the
Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 3408 Files/Folders/Drives Omitted: 1
command-line
splunk
Hymie
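Added example (not the questioner's code and not a Splunk feature): a small Python post-processor for the text that `splunk search` prints, which rebuilds the transactions the question describes (an event containing "Scan started" opens one, the next event containing "Scan Complete" closes it) and writes them out with a blank line between each. It also re-joins the wrapped continuation lines visible in the output above, keyed on the leading timestamp, and keeps an unterminated transaction or an orphan event rather than dropping it, so a scan that never reported completion still shows up. The marker strings, the timestamp regex and the sample input are assumptions modelled on the question's output.

```python
"""Separate Splunk CLI transaction output with blank lines.

Added example, not part of the original question or of Splunk. It reads the
plain text printed by `splunk search` (or the constructed sample below) and
needs no Splunk installation to run.
"""
import re
import sys

# An event line starts with an ISO-8601 timestamp; a line without one is a
# continuation that the CLI wrapped onto the next line. (Assumed format,
# taken from the output shown in the question.)
EVENT_START = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}")

# Mirror the transaction command's startswith/endswith values from the question.
START_MARKER = "Scan started"
END_MARKER = "Scan Complete"


def unwrap_events(lines):
    """Join wrapped continuation lines back onto the event they belong to."""
    events = []
    for line in lines:
        line = line.rstrip("\n")
        if not line.strip():
            continue
        if EVENT_START.match(line) or not events:
            events.append(line)
        else:
            events[-1] += " " + line.strip()
    return events


def group_transactions(events, start=START_MARKER, end=END_MARKER):
    """Group events into transactions.

    A transaction opens at an event containing `start` and closes at the next
    event containing `end`. A transaction that never closes, and an event that
    arrives outside any transaction, are kept as their own group so that no
    line of the scan log is silently lost.
    """
    transactions = []
    current = None
    for ev in events:
        if start in ev:
            if current:  # previous transaction never saw its end marker
                transactions.append(current)
            current = [ev]
        elif current is not None:
            current.append(ev)
            if end in ev:
                transactions.append(current)
                current = None
        else:
            transactions.append([ev])  # orphan event, e.g. an end with no start
    if current:
        transactions.append(current)
    return transactions


def format_transactions(transactions):
    """Render the groups with exactly one blank line between them."""
    return "\n\n".join("\n".join(t) for t in transactions)


# Constructed sample modelled on the question's output, wrapped lines included.
SAMPLE_OUTPUT = """\
2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 70225 Files/Folders/Drives Omitted: 0
2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files
inside /root/latest-defs-linux due to extraction errors encountered by the
Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 3408 Files/Folders/Drives Omitted: 1
"""

if __name__ == "__main__":
    # Usage: /opt/splunk/bin/splunk search '...' | python3 separate_transactions.py
    # With no piped input the constructed sample is used instead.
    source = SAMPLE_OUTPUT.splitlines(True) if sys.stdin.isatty() else sys.stdin
    print(format_transactions(group_transactions(unwrap_events(source))))
```

Piping the search output through the script leaves the Splunk command itself unchanged; the grouping is done on the client side from the same start and end strings the `transaction` command uses, so the blank lines fall exactly where Splunk's transaction boundaries are.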
command you are running. As it stands, your question is unanswerable.