ERROR invalid keyword when I tried to parse logs with regex.

Juan Andrés.Ramirez

Hello,

I'm trying to get specific data from some Hadoop logs with REGEX and I received this error: ERROR invalid keyword: Output at C:\Program Files (x86)\nxlog\conf\nxlog.conf:45

Here is my config file:

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

#
<Extension gelf>
    Module         xm_gelf
</Extension>
<Extension fileop>
    Module         xm_fileop
</Extension>
<Extension json>
    Module      xm_json
</Extension>
<Extension multi>
    Module      xm_multiline
    HeaderLine  /^(\d+-\d+-\d+\s\d+:\d+:\d+,\d+)/
    EndLine        /(.*)/
</Extension>
#
<Input hadoop>
  Module         im_file
  File             "E:\\Hadoop\\test\\*.*"
  SavePos         TRUE
  Recursive     TRUE
  InputType        multi
  
  Exec      if $raw_event =~/^(\d+-\d+-\d+\s\d+:\d+:\d+,\d+)\s(?:INFO|ERROR|WARN)\s(org.apache.hadoop.\w+.\w+):\s(.*)/g\
            {\
                $Time = $1;\
                $CStatus = $2;\
                $Process = $3;\
                $Process_result = $4;\
                to_json();\
            }\
            else\
            {\
                drop();\
            }\
</Input>

<Output graylog>
    Module      om_udp
    Host        10.101.78.224
    Port        12201
    OutputType    GELF
 
    #Use the following line for debugging (uncomment the fileop extension above as well)
    #Exec file_write("C:\\Program Files (x86)\\nxlog\\data\\nxlog_output.log", $raw_event);
</Output>

<Route eventlog>
    Path        hadoop => graylog
</Route>

Does anyone know what is wrong in this config file?

Thank you.
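A check for the layout used in the posted config, where every line of the multi-line Exec ends in a backslash, including the `}\` directly above `</Input>`. This is an added example, not part of the original post and not NXLog code; it assumes a trailing backslash joins the next physical line to the current directive, and `lint_continuations`, `TOP_LEVEL` and `SAMPLE` are hypothetical names.

```python
import re

# Top-level nxlog block names; nested blocks such as <Exec> are ignored here.
TOP_LEVEL = {"Extension", "Input", "Processor", "Output", "Route"}
TAG = re.compile(r"^\s*<(/?)(\w+)[^>]*>\s*$")

def lint_continuations(conf_text):
    """Return (line_no, message) findings for block tags lost to a trailing backslash."""
    findings, open_block, continued_from = [], None, None
    for no, line in enumerate(conf_text.splitlines(), start=1):
        text = line.rstrip()
        tag = TAG.match(text)
        if continued_from is not None:
            # Assumption: this physical line belongs to the directive being continued.
            if tag:
                findings.append((no, f"{text.strip()} is absorbed by the directive "
                                     f"continued from line {continued_from}"))
            if not text.endswith("\\"):
                continued_from = None
            continue
        if text.lstrip().startswith("#"):
            continue
        if text.endswith("\\"):
            continued_from = no
            continue
        if not tag or tag.group(2) not in TOP_LEVEL:
            continue
        if tag.group(1):
            open_block = None          # closing tag ends the current block
            continue
        if open_block:
            findings.append((no, f"<{tag.group(2)}> opens while <{open_block[0]}> "
                                 f"from line {open_block[1]} is still open"))
        open_block = (tag.group(2), no)
    return findings

# Constructed sample: a shortened form of the posted config, same continuation layout.
SAMPLE = r"""<Input hadoop>
  Module    im_file
  Exec      if $raw_event =~ /^(\d+-\d+-\d+)/ \
            {\
                to_json();\
            }\
</Input>
<Output graylog>
    Module      om_udp
</Output>
"""
for line_no, message in lint_continuations(SAMPLE):
    print(f"line {line_no}: {message}")
```
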