
I am trying to figure out how many events are coming in per hour on a given input module named win.

I have searched around and haven't found any definitive solution. Most of what I have seen implements the create_stat function. But from there, I am lost. Here is my current config for the input, output, and route. How would I implement this feature into what I currently have?

My end goal is to calculate EPS and write it out to log_info every hour with a message saying something like: EPS calculated: 3,019

<Input win>
    Module          im_tcp
    Host            0.0.0.0
    Port            524
    Exec            parse_syslog();
    Exec            log_info("Severity Windows Collector: " + $SyslogSeverity + ", Hostname: " + $Hostname);
</Input>

<Output winout>
    Module          om_file
    CreateDir       true
    File            '%WINLOG%'

    <Schedule>
        Every       60 sec
        Exec        if (file_size('%WINLOG%') >= 2G) \
                    { \
                        file_cycle('%WINLOG%', 500); \
                        winout->reopen(); \
                    }
    </Schedule>
</Output>

<Route 5>
    Path            win => winout, Grid
</Route>

Asked October 12, 2015 - 6:52pm

Answer (1)

To print EPS you would need something like this:

<Input in_tcp>
    Module      im_tcp
    Host        0.0.0.0
    Port        1415
    Exec        create_stat("stat", "RATE", 1); add_stat("stat", 1);

    <Schedule>
        Every   1 sec
        Exec    log_info("EPS: " + get_stat("stat"));
    </Schedule>
</Input>

You will need to adjust the numbers if you want it printed every hour.

Answered October 12, 2015 - 9:17pm
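
The answer's counter applied to the question's win input and reported once an hour, as an added example that is not part of the original question or answer. The counter name win_rate is made up here, and the config assumes that a RATE counter created with a 3600-second interval reports the number of events per 3600 seconds, so dividing by 3600 gives the average EPS (integer division).

```conf
<Input win>
    Module          im_tcp
    Host            0.0.0.0
    Port            524
    Exec            parse_syslog();
    Exec            log_info("Severity Windows Collector: " + $SyslogSeverity + ", Hostname: " + $Hostname);

    # Runs for every received event: make sure the counter exists, then count the event.
    # "win_rate" is a hypothetical counter name; 3600 is the interval in seconds.
    Exec            create_stat("win_rate", "RATE", 3600); add_stat("win_rate", 1);

    <Schedule>
        # Report once per hour, matching the counter interval.
        Every       3600 sec
        # create_stat is repeated here so the counter exists even if no event has arrived yet.
        Exec        create_stat("win_rate", "RATE", 3600); \
                    log_info("Events in the last hour: " + get_stat("win_rate") + \
                             ", EPS calculated: " + (get_stat("win_rate") / 3600));
    </Schedule>
</Input>
```

The Output and Route blocks from the question stay as they are; only the Input block changes.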