I am trying to use the multlog module in order to start ingesting a custom log:

I have the following regex: \^(\d{2}|\d).(\d{2}|\d).(\d{4})\s(\d\d|\d):(\d\d|\d):(\d\d|\d)\s(AM|PM).\[(.*)\](.*) 

This works in a regex test; however I cannot get it to work with the log file that looks something like this

9/10/2015 11:29:16 AM [0-3-1-SecondaryPortStatus.cs-17] GetStatus for IP: on port: 5016

9/10/2015 11:29:16 AM [0-3-1-SecondaryPortStatus.cs-47] <TRANSACTION>

9/10/2015 11:29:16 AM [0-3-1-SecondaryPortStatus.cs-57] <RESPONSE>

9/10/2015 11:29:16 AM [0-1-1-LandingPage.xaml.cs-49] POS opened

However when running the nxlog.conf for this I am getting the following error 

2015-09-15 08:00:43 ERROR couldn't parse expression at line 12, character 13 in C:\Program Files (x86)\nxlog\conf\nxlog.conf; invalid character: '\'

I am unsure what i need to do in order to get this correct; does anyone have any insight or resources I should further explore. Is there a REGEX specific doc for NXLOG? 

AskedSeptember 15, 2015 - 4:12pm

Answer (1)

The regexp in the HeaderLine needs to be enclosed between two forward slashes, not backslash. Example:

<Extension multi>
    Module      xm_multiline
    HeaderLine  /^\d{4}\-\d{2}\-\d{2} \d{2}\:\d{2}\:\d{2},\d{3}/