Let's Talk Start free
Let's Talk Start free

Ignore lines in a file

Tags:
#1 Selmack

Hello, I was wondering is there a command where I can tell NXLOG to ignore the first 32 lines of a file that I am wanting to read in? The log file is a dhcp log on Win 2012 R2 and the first 32 lines is info about Event IDs and their meanings. I'd like to to tell NxLog to ignore first 32 lines when reading in the log files. Thanks in advance for any info. Really love nxlog.

Permalink
#2 b0ti Nxlog ✓
#1 Selmack
Hello, I was wondering is there a command where I can tell NXLOG to ignore the first 32 lines of a file that I am wanting to read in? The log file is a dhcp log on Win 2012 R2 and the first 32 lines is info about Event IDs and their meanings. I'd like to to tell NxLog to ignore first 32 lines when reading in the log files. Thanks in advance for any info. Really love nxlog.

If the header is different from the data you need you could use a regexp like this:

Exec  if $raw_event =~ / .... / drop();

The NXLog EE beta has a record_number() function that returns the current line and it would work in this case:

Exec  if record_number() < 32 drop();

The above is not available in the CE yet. Another option is to use get_var() and set_var()to keep track of the line number but the tricky part is to reset it when a new file is read.
Login to see more