Needed help with parsing/modify. Would greatly appreciate some direction. At the moment, I am parsing a plain-text log file and sending it to a remote server:
```
Jun 19 16:29:28 server12345 [...]
Jun 19 16:29:28 server12345 ---
Jun 19 16:29:27 server12345 [program.state :3371]
```
The above is what I get with parsing. I was hoping to make every line transform like this:
```
Jun 19 16:29:28 server12345 **programName1** [...]
Jun 19 16:29:28 server12345 **programName1** ---
Jun 19 16:29:27 server12345 **programName1** [program.state :3371]
```
Can someone help me understand how I can get programName1 appended to each file, after the server hostname?
Also, is it possible to parse the server-name, and replace it as follows:
```
Jun 19 16:29:28 **server12345--NA** programName1 [...]
Jun 19 16:29:28 **server12345--NA** programName1 ---
Jun 19 16:29:27 **server12345--NA** programName1 [program.state :3371]
```
Would appreciate some guidance on how to change this via config. I am currently reading in a text file via the om_file method.
Update: Relevant snippets of config:
```
<Input log_file>
    Module      im_file
    File        'C:\program\var\log\file.log'
    #InputType  multiline_parser
    Exec        parse_syslog();
</Input>

<Processor norepeat>
    Module        pm_norepeat
    CheckFields   Hostname, Message, SourceName
    OutputFormat  syslog_rfc3164
</Processor>

<Route log_output>
    Path        log_file => norepeat => log_output
</Route>

<Output log_output>
    Module      om_udp
    Host        x.x.x.x
    Port        514
</Output>
```