Is it possible to add blank lines between results when using the Splunk CLI search?

0

I'm using RHEL 6.10 and using the Splunk CLI to locate "transactions" (groups of results together). It's searching for rtvscand log lines.

/opt/splunk/bin/splunk search \
'syslog_source=rtvscand
| transaction host syslog_source
      startswith="Scan started" endswith="Scan Complete"'

The search returns a set of results printed one after another, as shown in my first set of output lines. I'd like each individual result (in this case, each transaction) to be separated by a blank line, as shown in my second set of output lines, since it isn't always obvious where a transaction begins and ends. For example:

2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete:  Threats: 
0   Scanned: 70225   Files/Folders/Drives Omitted: 0
2018-09-08T13:00:03.596346+00:00 hostname rtvscand: Scan started on selected 
drives and folders and all extensions.
2018-09-08T13:00:04.966009+00:00 hostname rtvscand: Scan Complete:  Threats: 
0   Scanned: 0   Files/Folders/Drives Omitted: 0
2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected 
drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files 
inside /root/latest-defs-linux due to extraction errors encountered by the 
Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete:  Threats:
0   Scanned: 3408   Files/Folders/Drives Omitted: 1

Is there a way to specify that the Splunk CLI should put a blank line between each transaction, so that it looks like this?

2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete:  Threats: 
0   Scanned: 70225   Files/Folders/Drives Omitted: 0

2018-09-08T13:00:03.596346+00:00 hostname rtvscand: Scan started on selected 
drives and folders and all extensions.
2018-09-08T13:00:04.966009+00:00 hostname rtvscand: Scan Complete:  Threats: 
0   Scanned: 0   Files/Folders/Drives Omitted: 0

2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected 
drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files 
inside /root/latest-defs-linux due to extraction errors encountered by the 
Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete:  Threats:
0   Scanned: 3408   Files/Folders/Drives Omitted: 1
    
by hymie 25.09.2018 / 20:59

0 answers
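
One way to get the layout asked for above is to post-process the CLI output outside Splunk. This is an added example, not part of the original post and not a Splunk option; the function names `separate_transactions` and `sample_output` are hypothetical, and it assumes each transaction's first event contains the `startswith` text from the question.

```shell
#!/bin/sh
# Added example: a filter for Splunk CLI output, not a Splunk feature.
# Usage: separate_transactions [START_MARKER]
# Prints a blank line before every event that opens a new transaction,
# except the first one, so the output never begins with an empty line.
separate_transactions() {
    awk -v marker="${1:-rtvscand: Scan started}" '
        # An event opens a transaction when it begins with an ISO 8601
        # timestamp and contains the start marker. Wrapped continuation
        # lines carry no timestamp, so they stay attached to their event.
        /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T/ && index($0, marker) {
            if (seen) print ""
            seen = 1
        }
        { print }
    '
}

# Constructed sample modelled on the output shown in the question.
sample_output() {
    cat <<'EOF'
2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete:  Threats: 0   Scanned: 70225   Files/Folders/Drives Omitted: 0
2018-09-08T13:00:03.596346+00:00 hostname rtvscand: Scan started on selected drives and folders and all extensions.
2018-09-08T13:00:04.966009+00:00 hostname rtvscand: Scan Complete:  Threats: 0   Scanned: 0   Files/Folders/Drives Omitted: 0
2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files inside /root/latest-defs-linux due to extraction errors encountered by the Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete:  Threats: 0   Scanned: 3408   Files/Folders/Drives Omitted: 1
EOF
}

# With the real search from the question, pipe the CLI into the filter:
#   /opt/splunk/bin/splunk search '...' | separate_transactions
sample_output | separate_transactions
```

Keying on the start marker rather than on "Scan Complete" keeps a wrapped final line together with the transaction it belongs to.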