Hello, I was wondering, is there a command where I can tell NXLOG to ignore the first 32 lines of a file that I am wanting to read in? The log file is a dhcp log on Win 2012 R2 and the first 32 lines are info about Event IDs and their meanings. I'd like to tell NxLog to ignore the first 32 lines when reading in the log files. Thanks in advance for any info. Really love nxlog.

Asked February 9, 2018 - 5:12pm

Answer (1)

If the header is different from the data you need you could use a regexp like this:

Exec  if $raw_event =~ / .... / drop();

The NXLog EE beta has a record_number() function that returns the current line and it would work in this case:

Exec  if record_number() < 32 drop();

The above is not available in the CE yet. Another option is to use get_var() and set_var() to keep track of the line number, but the tricky part is to reset it when a new file is read.

Comments (1)

  • Selmack

    Thank you so much for the response b0ti and assistance. Much appreciated. Do you know when the record number function will be available in the CE? Just curious.
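
The two CE-compatible options from the answer above, written out side by side as an added example (not code from the answer or from NXLog). The log path, the input names, the variable names and the assumed data-row shape (numeric event ID, MM/DD/YY date, HH:MM:SS time, comma separated) are assumptions; use one variant, not both.

```nxlog
# Added example. Path, input names, variable names and row format are assumptions.

# Variant 1: line counter kept with get_var()/set_var().
# The counter is reset whenever the record comes from a different file.
<Input dhcp_by_count>
    Module  im_file
    File    'C:\Windows\System32\dhcp\DhcpSrvLog-*.log'
    <Exec>
        if (not defined get_var('cur_file')) or (get_var('cur_file') != file_name())
        {
            set_var('cur_file', file_name());
            set_var('line', 0);
        }
        set_var('line', get_var('line') + 1);
        # Lines 1 to 32 of each file are the header block
        if get_var('line') <= 32 drop();
    </Exec>
</Input>

# Variant 2: no counter. Keep only lines shaped like a data row,
# for example: 10,02/09/18,17:12:03,Assign,... (constructed sample)
<Input dhcp_by_pattern>
    Module  im_file
    File    'C:\Windows\System32\dhcp\DhcpSrvLog-*.log'
    Exec    if $raw_event !~ /^\d+,\d{2}\/\d{2}\/\d{2},\d{2}:\d{2}:\d{2},/ drop();
</Input>
```

The counter in variant 1 is held in memory, so if NXLog restarts and resumes a file from its saved position, counting starts over partway through the file and 32 data rows are dropped. Variant 2 keeps no state, so there is nothing to reset on a new file or after a restart.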