4
answers
closed

Hi Team,

I am stuck in sending the multiline messages to Loggly.

My configuration file is:

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\\Program Files\\nxlog
#define ROOT_STRING C:\\Program Files\\nxlog
define ROOT C:\\Program Files (x86)\\nxlog
define ROOT_STRING C:\\Program Files (x86)\\nxlog
define CERTDIR %ROOT%\\cert
 
Moduledir %ROOT%\\modules
CacheDir %ROOT%\\data
Pidfile %ROOT%\\data\\nxlog.pid
SpoolDir %ROOT%\\data
LogFile %ROOT%\\data\\nxlog.log
 
# Include fileop while debugging, also enable in the output module below
<Extension fileop>
 Module xm_fileop
</Extension>
 
<Extension json>
 Module xm_json
</Extension>
 
<Extension syslog>
 Module xm_syslog
</Extension>

<Extension dicom-multi>
    Module    xm_multiline
    HeaderLine    /^\d\d\d\d-\d\d-\d\d\.\d\d:\d\d:\d\d\,\d+/
</Extension>
 
#<Input internal>
# Module im_internal
# Exec $Message = to_json();
#</Input>

# Watch your own files.
<Input CMS_IIS>
    Module im_file
    File "C:\\Users\\Shweta\\Desktop\\nxlog-Files\\hofweb*"  
    SavePos TRUE
    InputType dicom-multi
    Exec $event=$raw_event;
    Exec to_json();
</Input>
 

<Output out>
   Module om_tcp
   Host logs-01.loggly.com
   Port 514
   Exec to_syslog_ietf();
   Exec $raw_event=replace($raw_event,'{','[55bf6d94-27dc-4392-ad3d-8e4d3a1685df@41058 tag="windows0"] {',1);
   Exec file_write("C:\\Program Files (x86)\\nxlog\\data\\nxlog_output.log",$raw_event);
</Output>
 
<Route 1>
 Path CMS_IIS => out
</Route>s

 

I have timestamp in start of the logs in ISO8601 format. I want the configuration to understand the new log when encounter a timestamp i.e., 2016-11-18 05:41:30,851

 

Please help us on priority.

You can directly mail me at nkumar@loggly.com.

 

Support ticket opened onDecember 13, 2016 - 12:42pm

Comments (4)

  • b0ti's picture

    State: closed -> active

    Can you attach an input sample containing at least a couple event records?

    Thanks

    December 13, 2016 - 2:47pm
  • Niraj's picture

    Hi,

    I have attached my sample file. You can see 4 multiline logs in the file attached.

    Hoping a quick response from your side.

    -Niraj

    AttachmentSize
    hofweb_fhResponse.2016-11-18.log1.68 KB

    December 14, 2016 - 10:05am
  • b0ti's picture

    The correct regexp to match the date format would be as follows:

    HeaderLine    /^\d\d\d\d\-\d\d\-\d\d \d\d:\d\d\:\d\d\,\d+/

    December 14, 2016 - 6:59pm
  • b0ti's picture

    State: active -> closed

    Assuming this can be closed.

    May 12, 2017 - 10:50am