[splunk_rapid_diag]
TIME_FORMAT = %Y-%m-%d %H:%M:%S,%3N
LINE_BREAKER = ([\n\r]+)\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}
SHOULD_LINEMERGE = False
MAX_TIMESTAMP_LOOKAHEAD = 40
TRUNCATE = 50000
EXTRACT-default_rd_fields = ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} (?<component>\S+) (?<log_level>\S+) (?<thread_id>\d+) - (?s)(?<event_message>.*)$

[source::.../var/log/splunk/splunk_rapid_diag.log(\.\d+)?]
sourcetype = splunk_rapid_diag