Parses an incoming byte stream into events.
```tql
read_lines [skip_empty=bool, split_at_null=bool, split_at_regex=string]
```
Description
The `read_lines` operator takes its input bytes and splits them at newline characters.
Newline characters include:
- `\n`
- `\r\n`
The resulting events have a single field called `line`.
skip_empty = bool (optional)
Ignores empty lines in the input.
split_at_null = bool (optional)
Use null byte (`\0`) as the delimiter instead of newline characters.
split_at_regex = string (optional)
:::warning Deprecated
This option is deprecated. Use `read_delimited_regex` instead.
:::
Use the specified regex as the delimiter instead of newline characters. The regex flavor is Perl compatible and documented here.
Examples
Reads lines from a file
```tql
load_file "events.log"
read_lines
is_error = line.starts_with("error:")
```
Split Syslog-like events without newline terminators from a TCP input
Consider using `read_delimited_regex` for regex-based splitting:
```tql
load_tcp "0.0.0.0:514"
read_delimited_regex "(?=<[0-9]+>)"
this = line.parse_syslog()
```
```tql
load_tcp "0.0.0.0:514"
read_lines split_at_regex="(?=<[0-9]+>)"
this = line.parse_syslog()
```
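The following Python sketch is an added example, not Tenzir code and not a description of its implementation. It models what framing on the zero-width delimiter `(?=<[0-9]+>)` from the example above involves when TCP delivers the stream in arbitrary chunks. The class `LookaheadSplitter`, the helper `split_stream`, and the sample chunks are hypothetical and constructed for illustration; chunks are assumed to be already decoded text.

```python
import re

# Same delimiter as the page's example: a zero-width lookahead for a syslog PRI.
PRI = re.compile(r"(?=<[0-9]+>)")


class LookaheadSplitter:
    """Hypothetical helper: frames a text stream at zero-width delimiter matches."""

    def __init__(self, pattern=PRI, skip_empty=True):
        self.pattern = pattern
        self.skip_empty = skip_empty
        self.buf = ""

    def feed(self, chunk):
        """Add a chunk; return only the events now known to be complete."""
        self.buf += chunk
        # A match at offset 0 is the start of the current event, not a cut point.
        cuts = [m.start() for m in self.pattern.finditer(self.buf) if m.start() > 0]
        events, start = [], 0
        for cut in cuts:
            events.append(self.buf[start:cut])
            start = cut
        # The tail stays buffered: only the next PRI (or end of stream) ends it,
        # which also covers a chunk boundary that falls inside a PRI such as "<1".
        self.buf = self.buf[start:]
        return self._emit(events)

    def flush(self):
        """Call at end of stream to emit the buffered final event."""
        events, self.buf = [self.buf], ""
        return self._emit(events)

    def _emit(self, events):
        # Mirror the single-field event shape described on the page.
        return [{"line": e} for e in events if e or not self.skip_empty]


def split_stream(chunks):
    splitter = LookaheadSplitter()
    out = [ev for chunk in chunks for ev in splitter.feed(chunk)]
    return out + splitter.flush()


# Constructed sample: two messages, cut mid-word and mid-PRI by segmentation.
SAMPLE_CHUNKS = ["<34>Oct 11 host su: fail", "ed<1", "65>Oct 11 host app: ok"]

if __name__ == "__main__":
    for event in split_stream(SAMPLE_CHUNKS):
        print(event)
```

Because the delimiter is in-band, a message body that itself contains text shaped like `<5>` is split at that point too, so downstream parsing should expect such fragments on untrusted input.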
See Also
`read_ssv`, `read_tsv`, `read_delimited_regex`, `read_xsv`, `write_lines`