Estou usando o RHEL 6.10 e usando o Splunk CLI para localizar "transações" (grupos de resultados juntos). Está pesquisando por rtvscand
log linhas.
/opt/splunk/bin/splunk search \
'syslog_source=rtvscand
| transaction host syslog_source
startswith="Scan started" endswith="Scan Complete"'
A pesquisa retorna um conjunto de resultados impressos um após o outro, conforme mostrado no meu primeiro conjunto de linhas de saída. Eu gostaria que cada resultado individual (neste caso, cada transação) fosse separado por uma linha em branco, como mostrado no meu segundo conjunto de linhas de saída, uma vez que nem sempre é óbvio onde uma transação começa e termina. Por exemplo.
2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 70225 Files/Folders/Drives Omitted: 0
2018-09-08T13:00:03.596346+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T13:00:04.966009+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 0 Files/Folders/Drives Omitted: 0
2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files
inside /root/latest-defs-linux due to extraction errors encountered by the
Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 3408 Files/Folders/Drives Omitted: 1
Existe uma maneira de especificar que o Splunk CLI deve colocar uma linha em branco entre cada transação, de modo que fique assim?
2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 70225 Files/Folders/Drives Omitted: 0
2018-09-08T13:00:03.596346+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T13:00:04.966009+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 0 Files/Folders/Drives Omitted: 0
2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files
inside /root/latest-defs-linux due to extraction errors encountered by the
Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 3408 Files/Folders/Drives Omitted: 1
Tags command-line splunk