Request trial
Request Trial

Skipping certain number of lines after regex match

Tags:
#1 mime

Please, could you advise how to skip (drop) certain number of next log lines after the $raw_event matches (Exec if $raw_event =~ / .... / drop();) ??? Thanks!

Permalink
#2 ArkadiyDeactivated Nxlog ✓
#1 mime
Please, could you advise how to skip (drop) certain number of next log lines after the $raw_event matches (Exec if $raw_event =~ / .... / drop();) ??? Thanks!

Hi. You could use counters and simple if-else conditioning like this:

    <Exec>
        create_stat('counter', 'COUNT');
        if $raw_event =~ /some_pattern/ and get_stat('counter') == 3 {
            add_stat('counter', -3);
        } else if get_stat('counter') < 3 {
            drop();
        }
    </Exec>

It will drop every three events after something which trigger regex. Please take a look and give it a try.
Regards, Arch
Login to see more

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS