I'm trying to figure out a good way of only forwarding along events of significance and to filter out the rest - but without having hundreds of lines of XPath queries in nxlog.conf file. I understand that multiple blocks are AND'd together and that 'type' may only be "exact or regexp", but there doesn't appear to be any negation logic (e.g. NOT item or OR item).
I'm trying to get a PatternDB working correctly, and it looks like I'm getting some fields but not all of them. There's only one pattern that's actually generating extra fields, and even it is dropping the first field (ParsedDate). Not sure what's going on here...
Config file (via file inclusion):
<Extension json>
Module xm_json
</Extension>
I have the following regexp:
^\s*(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\[\S+\])\s+([\s\S]*)$
and a line from the log that I am trying to parse (there are some spaces at the beginning of the line):
13:33:00.1205 [-] Persisting VDOM path /
trying to process a file using pm_pattern module with LogLevel DEBUG this is what I get:
