Hello,
I'm using SplunkStorm and I've written a NLog target that uploads events to the REST API using the json_predefined_timestamp sourcetype. It works really well, except when it comes to multiline message data (like a stack trace on an exception). It's one event, sent as one event, but contains multiple lines in the message. Here's the raw data:
{"timestamp":"2014-01-16T13:19:59.383",
"Level":"Info",
"ProcessId":"6280",
"ThreadId":"10",
"Logger":"TheName",
"Path":"Main",
"SessionId":"5d4a11ccdb5a43908077ef070211facf",
"MessageId":"4a6b5bcbc4264d698d2a814b405ce1d2",
"Message":"MultiLine
And the next line"}
I've tried both r, n and rn (CRLF) but what happens is that the message cell when I'm using table view in Splunk Search is just blank. What I was hoping for what to see all/part of the message. How can I accomplish this, is there some line break character that I can inject that works? Note that I don't want an event for each line, it's really just tied to this single event (stack trace on exception).
Thanks for any help, /Hakan
