Dear Team,

We have integrated MSSQL and we saw some of the events were not normalized and checked the payload and we found multiple lines. For example,

event_time: "2021-07-03 18:15:12.2745932" transaction_id: "2341231223" audit_file_offset: "73544704" action_id: "TXCM" statement: "INSERT INTO test.dbo.sysmaintplan_logdetail(

task_detail_id,

line1,

line2,

server_name,

start_time,

end_time,

error_number,

error_message,

command,

succeeded)

VALUES(

Support Member_detail_id,

Support Member,

Support Member,

Support Member_name,

Support Member_time,

Support Member_time,

Support Member_number,

Support Member_message,

Support Member,

Support Member)" database_name: "test" server_principal_name: "test_user"

and we have checked the DSM and found that each line was treated separately. So, is there any way we can define these kinds of logs as a single line and make the corresponding DSM.

Any help would be appreciated.

You can create a log source using the tcp multiline syslog protocol which uses regular expressions to identify the start and end pattern of multiline events.

Please refer here for more information.

https://www.ibm.com/docs/en/dsm?topic=options-tcp-multiline-syslog-protocol-configuration

Hello MPrabir,

Thank you for your help.

Hello MPrabir,

In case of syslog we can use tcpmultiline syslog protocol but in our case, we have database server and we need to configure JDBC protocol. Is there any way to use similar protocol to convert multiple lines to single lines.

MS SQL events will look like that. Even though they are more than one line, the entire event should be shown. It may be that the default size of events is not large enough to contain the entire SQL event. Check Admin\System Settings\ (turn on advanced view)\ MAX TCP Syslog Payload length. I believe that setting also governs the largest payload captured in a single event. I have seen some very large ones. While you can set it larger, the largest size really supported is 32K.