NxLog multiline to ship data that only contains a colon
Tags:
Hello there,
I am working with a multiline module. This particular file has 38 lines, but I'd like to only ship the lines that contain a colon. Is there a way to write an exec that if the line does not contain a colon then drop the line?
Here is my config so far:
<Extension log>
Module xm_multiline
#FixedLineCount
HeaderLine /^---Begin event transaction---/
#EndLine /^---Event Reporting Complete---/
</Extension>
<Extension json>
Module xm_json
</Extension>
<Input in>
Module im_file
File "C:\\Users\\Administrator\\Desktop\\SRR_Error.txt"
InputType log
SavePos FALSE
ReadFromLast FALSE
Exec $message = $raw_event; to_json();
</Input>
Thanks,
#1
Deleted user
Hello there,
I am working with a multiline module. This particular file has 38 lines, but I'd like to only ship the lines that contain a colon. Is there a way to write an exec that if the line does not contain a colon then drop the line?
Here is my config so far:
<Extension log>
Module xm_multiline
#FixedLineCount
HeaderLine /^---Begin event transaction---/
#EndLine /^---Event Reporting Complete---/
</Extension>
<Extension json>
Module xm_json
</Extension>
<Input in>
Module im_file
File "C:\\Users\\Administrator\\Desktop\\SRR_Error.txt"
InputType log
SavePos FALSE
ReadFromLast FALSE
Exec $message = $raw_event; to_json();
</Input>
Thanks,
You can use the Exec directive inside the xm_multiline instance to ignore lines as follows:
<Extension log>
Module xm_multiline
HeaderLine ...
Exec if $raw_event !~ /\;/ drop();
</Extension>
