Truncate message to custom fields | Log collection solutions

#1 A.Ivanov 8 years ago

Hi, how can I truncate message to custom fields? For example:

I have:

message: 2016-09-26 12:58:54 ru1-t001-web01 INFO "\Processor(_Total)\% Processor Time"="50.762249"

I need:

message: 2016-09-26 12:58:54 ru1-t001-web01 INFO "\Processor(_Total)\% Processor Time"="50.762249"

processorTime: 50.762249

Is it possible? Thank you.

Permalink

#2 A.Ivanov 8 years ago (Last updated 8 years ago )

#1 A.Ivanov

Hi, how can I truncate message to custom fields? For example: I have: message: 2016-09-26 12:58:54 ru1-t001-web01 INFO "\Processor(_Total)\% Processor Time"="50.762249" I need: message: 2016-09-26 12:58:54 ru1-t001-web01 INFO "\Processor(_Total)\% Processor Time"="50.762249" processorTime: 50.762249 Is it possible? Thank you.

Solved, after posting :)

Exec if $raw_event =~ /(.*Available Bytes"=")(.*)"/ \
   {\
   $memory = $2;\
   }

Other question - how i can set type of field?