Transformation of logs from json to kvp


#1 giuseppe

Hello everyone,

We should log on Windows server some IIS and SQL Server logs via agent in Community Edition. Through documentation I have examples that produce as results logs in CSV and/or JSON format. Could you give me a hand in transforming the logs from JSON and/or CSV format to key-value (KVP)?

Thank you very much for the support.

#2 NenadMDeactivated Nxlog ✓

Hello,

Please check the following configuration:

<Extension _syslog>
    Module  xm_syslog
</Extension>

<Extension exec>
    Module        xm_exec
</Extension>

<Extension json>
    Module          xm_json
</Extension>


# This block rotates `%TESTLOGFILE%` on a schedule. Note that if `LogFile`
# is changed in managed.conf via NXLog Manager, rotation of the new
# file should also be configured there.
# TESTLOGFILE is not defined in this snippet; set it with a `define` line.
# Check the size of our log file hourly, rotate if it has reached 1000 MB

<Extension xm_fileop>
    Module    xm_fileop
    <Schedule>
        Every   1 hour
        <Exec>
            if ( file_exists('%TESTLOGFILE%') and
                 (file_size('%TESTLOGFILE%') >= 1000M) )
            {
                file_cycle('%TESTLOGFILE%', 8);
            }
        </Exec>
    </Schedule>
</Extension>

<Extension kvp>
    Module          xm_kvp
    KVPDelimiter    ,
    KVDelimiter     =
    EscapeChar      \\
    ValueQuoteChar  "
</Extension>

<Input sidewinder>
    Module      im_tcp
    ListenAddr  0.0.0.0:514
    Exec        parse_json(); kvp->to_kvp();
</Input>

<Output file>
   Module   om_file
   File     "/srv/output"
</Output>

<Route file_to_syslog>
    Path        sidewinder => file
</Route>
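
What the `parse_json(); kvp->to_kvp();` step does to one record, and why the `ValueQuoteChar` and `EscapeChar` settings matter to whatever parses the output, shown as an added Python sketch (not NXLog's code and not part of the posts above). The function names, the quoting rule and the sample record are assumptions made for this illustration; NXLog's own output may quote in different cases.

```python
import json

# Delimiters copied from the <Extension kvp> block in the reply above.
KVP_DELIM, KV_DELIM, ESCAPE, QUOTE = ",", "=", "\\", '"'


def quote_value(value):
    """Render one value, quoting and escaping it when it could be misparsed.

    Assumption: this rule is illustrative, not NXLog's exact behaviour.
    """
    if isinstance(value, (dict, list)):
        text = json.dumps(value, separators=(",", ":"))
    else:
        text = "" if value is None else str(value)
    if text and not any(c in text for c in (KVP_DELIM, KV_DELIM, ESCAPE, QUOTE, " ")):
        return text
    body = text.replace(ESCAPE, ESCAPE * 2).replace(QUOTE, ESCAPE + QUOTE)
    return QUOTE + body + QUOTE


def json_to_kvp(line, quote=True):
    """Convert one JSON object line to KVP; quote=False shows the unquoted form."""
    record = json.loads(line)
    if not isinstance(record, dict):
        raise ValueError("expected one JSON object per log line")
    render = quote_value if quote else str
    return KVP_DELIM.join(f"{k}{KV_DELIM}{render(v)}" for k, v in record.items())


def parse_kvp(text):
    """Minimal reader for the format above, honouring quotes and escapes."""
    pairs, field, in_quotes, i = [], "", False, 0
    while i < len(text):
        c = text[i]
        if c == ESCAPE and i + 1 < len(text):
            field += text[i + 1]          # take the escaped character literally
            i += 1
        elif c == QUOTE:
            in_quotes = not in_quotes
        elif c == KVP_DELIM and not in_quotes:
            pairs.append(field)
            field = ""
        else:
            field += c
        i += 1
    pairs.append(field)
    return dict(p.partition(KV_DELIM)[::2] for p in pairs)


# Constructed sample: an IIS-style record whose query string contains both delimiters.
SAMPLE = '{"cs-method":"GET","cs-uri-query":"id=7,debug=on","sc-status":200}'
```

With quoting, `parse_kvp(json_to_kvp(SAMPLE))` returns the three original fields; with `quote=False` the same record parses into four fields, because the query string is split at its comma.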