You can modify the event breaking and merging configuration of a source type by completing the following steps.

1. Navigate to the Source types page.
2. In the row listing the source type that you want to modify, select the Actions icon () and select Edit.
3. In the Name field, enter the exact name of the source type that you want to work with. The source type name must meet these requirements:

   • The name must be unique.

   • The name cannot be splunk-edge-processor-metrics or splunk-edge-processor-log. These are reserved for internal use only.

4. In the Line breaking field, specify the delimiter that indicates the end of one event and the start of another. If using a line break as the delimiter meets your requirements, then leave this field at the default value of ([\r\n]+). Otherwise, enter a different PCRE capture group that matches the delimiter.

   Note: This delimiter gets dropped from your data. It is treated as something that exists between events rather than something that is part of an event. For more information, see the description of the LINE_BREAKER property in props.conf in the Splunk Enterprise Admin Manual.

5. If your inbound data consists of multiline events, then do the following:

   1. Select Merge lines into events.

   2. In the Multiline event delimiter field, enter a PCRE expression that matches the start of each multiline event.

   3. (Optional) To specify the maximum number of lines to include in a single multiline event, expand Advanced settings and enter your desired maximum number of lines in the Maximum lines per event field.

6. (Optional) To confirm that your updated source type configuration works as expected, generate a preview that shows how the source type configuration breaks and merges inbound data streams into events. Do the following:
   1. Select the Edit Sample Data icon ().
   2. In the Edit sample data dialog box, enter or upload sample data for generating the preview.
      Note: The sample data must be in the same format as the actual data that is associated with the source type. See Getting sample data for previewing data transformations for more information.
   3. Select Save.
   4. Select the Run To Preview Source Type icon () to generate the preview. Use the preview results to validate your source type configuration.
7. Select Save source type. Then, select Save to continue and save your changes.

The Edge Processor service returns a message confirming that your changes are saved successfully.

If this source type is used by any pipelines that are already applied to Edge Processors, then you need to refresh your pipelines to make sure that they use the updated source type configuration. See Refresh a pipeline for more information.

You can delete a source type from the system by completing the following steps.

1. Navigate to the Source types page.
2. In the row listing the source type that you want to modify, select the Actions icon () and select Delete.
3. When prompted to confirm your choice, select Delete.

The Edge Processor service returns a message confirming that your source type was deleted successfully.