I'm using RHEL 6.10 and using the Splunk CLI to find "transactions" (groups of results together). It is searching for rtvscand log lines.
/opt/splunk/bin/splunk search \
'syslog_source=rtvscand
| transaction host syslog_source
startswith="Scan started" endswith="Scan Complete"'
The search returns a set of results printed one after the other, as shown in my first set of output lines. I would like each individual result (in this case, each transaction) to be separated by a blank line, as shown in my second set of output lines, since it's not always obvious where a transaction begins and ends. For example:
2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 70225 Files/Folders/Drives Omitted: 0
2018-09-08T13:00:03.596346+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T13:00:04.966009+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 0 Files/Folders/Drives Omitted: 0
2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files
inside /root/latest-defs-linux due to extraction errors encountered by the
Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 3408 Files/Folders/Drives Omitted: 1
Is there a way to specify that the Splunk CLI should put a blank line in between each transaction so it looks like this?
2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 70225 Files/Folders/Drives Omitted: 0

2018-09-08T13:00:03.596346+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T13:00:04.966009+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 0 Files/Folders/Drives Omitted: 0

2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected
drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files
inside /root/latest-defs-linux due to extraction errors encountered by the
Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete: Threats:
0 Scanned: 3408 Files/Folders/Drives Omitted: 1
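One way to get the separated layout asked for above is to post-process the CLI output rather than change the search. The following is an added example, not code from the original post or from Splunk: it pipes the CLI output through a small awk filter that prints an empty line before every line matching the transaction's startswith pattern. Keying on the start of a transaction (rather than its end) means a transaction that never reached "Scan Complete" still gets separated from the next one. The sample input is constructed from the log lines in the question, with each event kept on one line; the function names are this example's own.

```shell
# separate_transactions: read Splunk CLI output on stdin and write it to
# stdout with a blank line inserted before each new transaction.
# $1 (optional): text that marks the first event of a transaction;
# defaults to the startswith value used in the question, "Scan started".
separate_transactions() {
    pattern="${1:-Scan started}"
    awk -v pat="$pattern" '
        # a start marker on any line but the first begins a new group
        NR > 1 && index($0, pat) { print "" }
        { print }
    '
}

# sample_output: constructed sample of the CLI output from the question
# (three transactions, the last one containing an extra "Could not scan" event).
sample_output() {
    cat <<'EOF'
2018-09-08T14:00:05.723289+00:00 hostname rtvscand: Scan started on selected drives and folders and all extensions.
2018-09-08T14:03:10.150106+00:00 hostname rtvscand: Scan Complete: Threats: 0 Scanned: 70225 Files/Folders/Drives Omitted: 0
2018-09-08T13:00:03.596346+00:00 hostname rtvscand: Scan started on selected drives and folders and all extensions.
2018-09-08T13:00:04.966009+00:00 hostname rtvscand: Scan Complete: Threats: 0 Scanned: 0 Files/Folders/Drives Omitted: 0
2018-09-08T12:00:01.490553+00:00 hostname rtvscand: Scan started on selected drives and folders and all extensions.
2018-09-08T12:00:11.186179+00:00 hostname rtvscand: Could not scan 1 files inside /root/latest-defs-linux due to extraction errors encountered by the Decomposer Engines.
2018-09-08T12:00:19.520929+00:00 hostname rtvscand: Scan Complete: Threats: 0 Scanned: 3408 Files/Folders/Drives Omitted: 1
EOF
}

# count_separators: number of blank separator lines produced for the sample
# (expected: one fewer than the number of transactions).
count_separators() {
    sample_output | separate_transactions | grep -c '^$'
}

# count_output_lines: total lines produced for the sample
# (expected: the 7 event lines plus 2 separators).
count_output_lines() {
    sample_output | separate_transactions | awk 'END { print NR }'
}

# Real usage, assuming the Splunk CLI invocation from the question:
# /opt/splunk/bin/splunk search 'syslog_source=rtvscand | transaction host syslog_source startswith="Scan started" endswith="Scan Complete"' \
#     | separate_transactions
```

Because the filter looks only for the start marker, its output stays correct when the CLI wraps a long event across several terminal lines or when a transaction is incomplete; if you change the search's startswith value, pass the same text as the first argument to separate_transactions.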
It would help if you edited your question to include 1/ what OS you're using, and 2/ what splunk command you are running. As it stands your question is unanswerable. – DavidPostill – 2018-09-25T19:14:09.190

Now your question is clearer, as you provided more details. The thing is your original question basically just dumped what you were getting and what you want without any other explanation. Additionally, no OS or details on command until asked for it. I took all of your newly added stuff and added it at the beginning of the question so it is all clear. It was utterly not clear previously but now I am voting to reopen this. – JakeGould – 2018-09-25T20:06:58.997