- Introduction
- Deployment
- Configuration
- 23. Configuration overview
- 24. NXLog language
- 25. Reading and receiving logs
- 26. Processing logs
- 26.1. Parsing various log formats
- 26.2. Alerting
- 26.3. Using buffers
- 26.4. Character set conversion
- 26.5. Detecting an inactive agent or log source
- 26.6. Event correlation
- 26.7. Extracting data
- 26.8. Filtering logs
- 26.9. Format conversion
- 26.10. Log rotation and retention
- 26.11. Log classification
- 26.12. Parsing multi-line logs
- 26.13. Rate limiting and traffic shaping of logs
- 26.14. Rewriting and modifying logs
- 26.15. Timestamps
- 27. Forwarding and Storing Logs
- 28. Centralized Log Collection
- 29. NXLog failover mode
- 30. High Availability (HA)
- 31. Encrypted transfer
- 32. Reducing bandwidth and data size
- 33. Reliable message delivery
- 34. Compression and Encryption
- OS Support
- Integration
- Troubleshooting
- Enterprise Edition Reference Manual
- NXLog Manager
- NXLog Add-Ons
26. Processing logs
This chapter deals with various tasks that might be required after a log message is received by NXLog.
-
Parsing various log formats – Reading fields from several common log formats
-
Alerting – Generating alerts when specific conditions are met
-
Using buffers – Using disk- and memory-based buffering in NXLog
-
Character set conversion – Converting between character sets during processing
-
Detecting an inactive agent or log source – Generating alerts when a remote agent or log source stops sending logs
-
Event correlation – Using a dedicated module for detecting conditions based on a sliding window
-
Extracting data – Implementing parsing using module procedures or regular expressions
-
Filtering logs – Discarding events based on specified conditions
-
Format conversion – Configuring conversion between input and output formats
-
Log rotation and retention – Setting up policies for automatically retaining and discarding past log data
-
Log classification – Matching and tagging events
-
Parsing multi-line logs – Joining and parsing messages that span multiple lines
-
Rewriting and modifying logs – Making changes to log messages during processing
-
Timestamps – Working with timestamp strings and datetime values