NXLog search
Let's talk Start free
Let's talk Start free

Log detail being dropped

Tags: windows | json
#1 keefbaker

Hi everyone,

We have an internal application on a windows box which logs in a way which is slightly mangled. All other windows logs come through nxlog but on these messages the entire message field gets dropped.

Is there a way to parse using ifs? eg:

if $service == "Homegrown app" {

}

So that I can either change the output format or parse them untouched into a file etc...

Does anyone know if there are any characters that don't get escaped properly that might mangle the json output?

Sorry for not giving a huge amount of information, I have to keep this as agnostic as I can.

Permalink
#3 akumar
#1 keefbaker
Hi everyone, We have an internal application on a windows box which logs in a way which is slightly mangled. All other windows logs come through nxlog but on these messages the entire message field gets dropped. Is there a way to parse using ifs? eg: if $service == "Homegrown app" { } So that I can either change the output format or parse them untouched into a file etc... Does anyone know if there are any characters that don't get escaped properly that might mangle the json output? Sorry for not giving a huge amount of information, I have to keep this as agnostic as I can.

<Input null_in>
      Module     im_null
</Input>

<Input WindowsEvents>

....

Exec   if $feldname =~ /misbehaving_source/ reroute("alternate");

<Output alternate>

      Module    om_file

      File        "/var/log/alternate.log"

</Outfile>

<Route  whatever>

     Path   null_in => alternate

</Route>

 

Cheers

 

Ash
Login to see more