You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 lines
891 B
38 lines
891 B
# Version 9.2.2.20240415
|
|
#
|
|
# The following are examples of segmentation configurations.
|
|
#
|
|
# To use one or more of these configurations, copy the configuration block into
|
|
# segmenters.conf in $SPLUNK_HOME/etc/system/local/. You must restart Splunk to
|
|
# enable configurations.
|
|
#
|
|
# To learn more about configuration files (including precedence) please see the
|
|
# documentation located at
|
|
# http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
|
|
|
|
|
|
# Example of a segmenter that doesn't index the date as segments in syslog
|
|
# data:
|
|
|
|
[syslog]
|
|
FILTER = ^.*?\d\d:\d\d:\d\d\s+\S+\s+(.*)$
|
|
|
|
|
|
# Example of a segmenter that only indexes the first 256b of events:
|
|
|
|
[limited-reach]
|
|
LOOKAHEAD = 256
|
|
|
|
|
|
# Example of a segmenter that only indexes the first line of an event:
|
|
|
|
[first-line]
|
|
FILTER = ^(.*?)(\n|$)
|
|
|
|
|
|
# Turn segmentation off completely:
|
|
|
|
[no-segmentation]
|
|
LOOKAHEAD = 0
|
|
|