Guidance on filtering / per line additions - Config Help

#1 NXLog_user12345

Hi All,

I need help with parsing/modifying. Would greatly appreciate some direction. At the moment, I am parsing a plain-text log file and sending it to a remote server:

Jun 19 16:29:28 server12345 [...] 
Jun 19 16:29:28 server12345 --- 
Jun 19 16:29:27 server12345 [program.state :3371]

The above is what I get with parsing. I was hoping to make every line transform like this:

Jun 19 16:29:28 server12345 **programName1** [...] 
Jun 19 16:29:28 server12345 **programName1** --- 
Jun 19 16:29:27 server12345 **programName1** [program.state :3371]

Can someone help me understand how I can get programName1 appended to each file, after the server hostname?

Also, is it possible to parse the server-name, and replace it as follows:

Jun 19 16:29:28 **server12345--NA** programName1 [...] 
Jun 19 16:29:28 **server12345--NA** programName1 --- 
Jun 19 16:29:27 **server12345--NA** programName1 [program.state :3371]

Would appreciate some guidance on how to change this via config. I am currently reading in a text file via the om_file method.

Update: Relevant snippets of config:

<Input log_file>
    Module      im_file
    File        'C:\program\var\log\file.log'
    #InputType   multiline_parser
    Exec    parse_syslog();
</Input>

<Processor norepeat>
    Module      pm_norepeat
    CheckFields Hostname, Message, SourceName
    OutputFormat syslog_rfc3164
</Processor>


<Route log_output>
  Path log_file   => norepeat => log_output
</Route>

<Output log_output>
  Module om_udp
  Host x.x.x.x
  Port 514
</Output>
#2 manuel.munozDeactivated Nxlog ✓

Please paste your current config.
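
One way to get the transformation asked about in post #1, as an added example that is not part of the original thread and not taken from the NXLog project: set the parsed fields in the input and rebuild the line in the output. It assumes the lines parse with parse_syslog() as in the posted config and that xm_syslog is loaded (the instance name `syslog` is an assumption); the values programName1 and --NA are the ones from the question.

```nxlog
# Added example, not the poster's config. Assumes xm_syslog is available;
# the Extension instance name "syslog" is an assumption.
<Extension syslog>
    Module      xm_syslog
</Extension>

<Input log_file>
    Module      im_file
    File        'C:\program\var\log\file.log'
    # Populate $EventTime, $Hostname and $Message from each line.
    Exec        parse_syslog();
    # The tag field; to_syslog_bsd() writes it after the hostname.
    Exec        $SourceName = 'programName1';
    # Suffix the parsed hostname.
    Exec        $Hostname = $Hostname + '--NA';
</Input>

<Processor norepeat>
    Module      pm_norepeat
    # Deduplicates on the fields set above, before the line is rebuilt.
    CheckFields Hostname, Message, SourceName
</Processor>

<Output log_output>
    Module      om_udp
    Host        x.x.x.x
    Port        514
    # Rebuild $raw_event from the modified fields just before sending;
    # without this the original, unmodified line is forwarded.
    Exec        to_syslog_bsd();
</Output>

<Route log_output>
    Path        log_file => norepeat => log_output
</Route>
```

Changing $Hostname or $SourceName alone has no effect on what om_udp sends, because the output writes $raw_event; the to_syslog_bsd() call is what carries the field changes into the forwarded line, in BSD syslog layout with a priority prefix.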