Menu
Our splunk instance is showing each line of a java stacktrace as a separate event.
Can we fix it without changing our java code? Thank you.
463
The paucity of information about the events make it hard to be specific about the solution. You need to update the props.conf settings for that sourcetype so the multiple lines of the traceback are merged into a single event. There are a number of ways to do that, including SHOULD_LINEMERGE=true and BREAK_ONLY_BEFORE_DATE=true.
133
answered Sep 18 '25 10:09
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
