Identifiing multiline Messages not working

#1 fiddell 8 years ago

Hi,

i have follwing logentry:

------------- New entry --------------------

line 1

line 2

line 3

line x

{blank line}

------------- New entry --------------------

line 1

line 2

line 3

line x

{blank line}

I try to parse this with the multiline extension with following configuration:

<Extension multiline>
Module   xm_multiline
HeaderLine   /^--/
EndLine   /^$/
</Extension>

<Input in>
Module   im_file
File   "input.txt"
SavePos   FALSE
ReadFromLast TRUE
InputType   multiline
Exec   if $raw_event !~ /^--/ drop();
Exec $raw_event = replace($raw_event, "\r\n", ";");
</Input>

<Output out>
Module om_file
File "output.txt"
</Output>

When i write one line and save then the input-file nxlog outputs only the header. When i write the complete entry a once nxlog works as expected. What iam doing wrong?

Permalink

#2 adm Nxlog ✓ 8 years ago

#1 fiddell

Hi, i have follwing logentry: ------------- New entry -------------------- line 1 line 2 line 3 line x {blank line} ------------- New entry -------------------- line 1 line 2 line 3 line x {blank line} I try to parse this with the multiline extension with following configuration: <Extension multiline> Module xm_multiline HeaderLine /^--/ EndLine /^$/ </Extension> <Input in> Module im_file File "input.txt" SavePos FALSE ReadFromLast TRUE InputType multiline Exec if $raw_event !~ /^--/ drop(); Exec $raw_event = replace($raw_event, "\r\n", ";"); </Input> <Output out> Module om_file File "output.txt" </Output> <Route 1> Path in => out </Route> When i write one line and save then the input-file nxlog outputs only the header. When i write the complete entry a once nxlog works as expected. What iam doing wrong?

Incomplete multiline messages will be flushed by im_file if no new data arrives within PollInterval.