I am trying to figure out how many events are coming in per hour on a given a input module named win.

I have searched around and haven't found any definitive solution. Most of what I have seen implements the create_stat function. But from there, I am lost. Here is my current config for the input, output, and route. How would I implement this feature into what I currently have?

My end goal is to calculate EPS and write it out to log_info every hour with a message saying something like: EPS calulcated: 3,019

<Input win>
    module          im_tcp
        port            524
        Exec            parse_syslog();
        Exec            log_info("Severity Windows Collector: " + $SyslogSeverity + ", Hostname: " + $Hostname);

<Output winout>
        Module          om_file
        CreateDir    true
        File            '%WINLOG%'

                Every           60 sec
                Exec            if (file_size('%WINLOG%') >= 2G) \
                                { \
                                       file_cycle('%WINLOG%', 500); \
                                        winout->reopen(); \


<Route 5>
    Path            win => winout, Grid

AskedOctober 12, 2015 - 6:52pm

Answer (1)

To print EPS you would need something like this:

<Input in_tcp>
    Module      im_tcp
    Port        1415
    Exec        create_stat("stat", "RATE", 1); add_stat("stat", 1);

        Every   1 sec
        Exec    log_info("EPS: " + get_stat("stat"));

You will need to adjust the numbers if you want it printed every hour.

Comments (2)

  • anthonyweller's picture

    I am interested in adding EPS counts to all my modules for tracking stats. So this would print the stat to nxlog.log at INFO level? How could I direct it to a different custom log file if I wanted to? Thank you.

  • manuel.munoz's picture

    Sure, you could use xm_fileop and file_write() function.

    file_write(string file, string value);
    Write value into file. The file will be created if it does not exist. An error is logged if the operation fails.