ERROR invalid keyword when I tried parse logs with regex.

#1 Juan Andrés.Ramirez 8 years ago

Hello ,

I'm trying get specific data from some logs of hadoop with REGEX and I recieved this error: ERROR invalid keyword: Output at C:\Program Files (x86)\nxlog\conf\nxlog.conf:45

Here is my config file:

define ROOT C:\Program Files (x86)\nxlog
#
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
#
<Extension gelf>
Module xm_gelf
</Extension>
<Extension fileop>
Module xm_fileop
</Extension>
<Extension json>
Module xm_json
</Extension>
<Extension multi>
Module xm_multiline
HeaderLine /^(\d+-\d+-\d+\s\d+:\d+:\d+,\d+)/
   EndLine       /(.*)/
</Extension>
#
<Input hadoop>
Module        im_file
File            "E:\\Hadoop\\test\\*.*"
SavePos        TRUE
Recursive    TRUE
InputType       multi

Exec if $raw_event =~/^(\d+-\d+-\d+\s\d+:\d+:\d+,\d+)\s(?:INFO|ERROR|WARN)\s(org.apache.hadoop.\w+.\w+):\s(.*)/g\
           {\
               $Time = $1;\
               $CStatus = $2;\
               $Process = $3;\
               $Process_result = $4;\
               to_json();\
           }\
           else\
           {\
               drop();\
           }\
</Input>

<Output graylog>
Module om_udp
Host 10.101.78.224
Port 12201
OutputType GELF

#Use the following line for debugging (uncomment the fileop extension above as well)
#Exec file_write("C:\\Program Files (x86)\\nxlog\\data\\nxlog_output.log", $raw_event);
</Output>

<Route eventlog>
Path hadoop => graylog
</Route>

Anyone know what is bad in this config file?.

THank you.

Permalink

#2 adm Nxlog ✓ 8 years ago (Last updated 5 years ago )

#1 Juan Andrés.Ramirez

Hello , I'm trying get specific data from some logs of hadoop with REGEX and I recieved this error: ERROR invalid keyword: Output at C:\Program Files (x86)\nxlog\conf\nxlog.conf:45 Here is my config file: define ROOT C:\Program Files (x86)\nxlog # Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log # <Extension gelf> Module xm_gelf </Extension> <Extension fileop> Module xm_fileop </Extension> <Extension json> Module xm_json </Extension> <Extension multi> Module xm_multiline HeaderLine /^(\d+-\d+-\d+\s\d+:\d+:\d+,\d+)/ EndLine /(.*)/ </Extension> # <Input hadoop> Module im_file File "E:\\Hadoop\\test\\*.*" SavePos TRUE Recursive TRUE InputType multi Exec if $raw_event =~/^(\d+-\d+-\d+\s\d+:\d+:\d+,\d+)\s(?:INFO|ERROR|WARN)\s(org.apache.hadoop.\w+.\w+):\s(.*)/g\ {\ $Time = $1;\ $CStatus = $2;\ $Process = $3;\ $Process_result = $4;\ to_json();\ }\ else\ {\ drop();\ }\ </Input> <Output graylog> Module om_udp Host 10.101.78.224 Port 12201 OutputType GELF #Use the following line for debugging (uncomment the fileop extension above as well) #Exec file_write("C:\\Program Files (x86)\\nxlog\\data\\nxlog_output.log", $raw_event); </Output> <Route eventlog> Path hadoop => graylog </Route> Anyone know what is bad in this config file?. THank you.

I think it's this:


           }\
</Input>

The last backslash is not needed.

The latest version now supports the <Exec> tag so that you don't need to add the backslash to each line, see this example.