Splunk_Docker/files/splunk-etc/apps/splunk_assist/default/props.conf

[source::...*splunk_assist_*.log]
sourcetype = splunk_assist_internal_log

[splunk_assist_internal_log]
description = Splunk Assist Internal Log
MAX_TIMESTAMP_LOOKAHEAD = 23
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S,%3N
SHOULD_LINEMERGE = false
ANNOTATE_PUNCT = false
NO_BINARY_CHECK = true
EXTRACT-log_level,app_name,module_name,function_name,process_id = ^(?:[^ \n]* ){2}(?P<log_level>[^ ]+)\s+\[(?P<app_name>[^\]]+)[^\[\n]*\[(?P<module_name>[^\]]+)[^ \n]* \[(?P<function_name>\w+)\]\s+\[(?P<process_id>[^\]]+)
Inital Commit 8 months ago			`[source::...splunk_assist_.log]`
			`sourcetype = splunk_assist_internal_log`

			`[splunk_assist_internal_log]`
			`description = Splunk Assist Internal Log`
			`MAX_TIMESTAMP_LOOKAHEAD = 23`
			`TIME_PREFIX = ^`
			`TIME_FORMAT = %Y-%m-%d %H:%M:%S,%3N`
			`SHOULD_LINEMERGE = false`
			`ANNOTATE_PUNCT = false`
			`NO_BINARY_CHECK = true`
			`EXTRACT-log_level,app_name,module_name,function_name,process_id = ^(?:[^ \n]* ){2}(?P<log_level>[^ ]+)\s+\[(?P<app_name>[^\]]+)[^\[\n]\[(?P<module_name>[^\]]+)[^ \n] \[(?P<function_name>\w+)\]\s+\[(?P<process_id>[^\]]+)`