Hi,
On Wed, 17 Jul 2013 16:49:50 -0300
Geraldo Magella Junior <[email protected]> wrote:
> I'm throwing in the towel... I'm using NXLOG to forward events to Logstash
> centralized interface that would then write to Elastic Search so I can
> check'em out in Kibana.
I've yet to understand why everyone is using logstash for that as it is
only a proxy and can (?) be omitted altogether.
> Everything is working fine but I'm trying to filter some log entries that I
> don't want to see in ES/Kibana/etc.
> What I want to do is:
> * Exclude DFS Replication log messages.
> * Exclude log messages that had DEBUG in the message field.
You have more options. In addition to using pm_pattern it might be worth
doing the filtering directly with the Exec directive, i.e.:
<Input eventlog>
    Module im_msvistalog
    Exec if ($EventID == 42) or ($EventID == 142) ... drop(); \
         else if $Message =~ /DEBUG/ drop();
</Input>
Another option is to use Query XML/xpath filtering; see the Query
directive of the im_msvistalog module.
> Can anyone help me?
> Any help would be appreciated.
You forgot to include in your mail what the exact problem is that you are
having.
> And Patterndb.xml looks like:
>
> <patterndb>
>   <group>
>     <name>eventlog</name>
>     <id>1</id>
>     <pattern>
>       <id>1</id>
>       <name>dfs events</name>
>       <matchfield>
>         <name>FileName</name>
>         <type>string</type>
The type tag here defines the matching operation, so it is either REGEXP
or EXACT. You need the latter in this case.
>         <value>DFS Replication</value>
>       </matchfield>
>       <matchfield>
>         <name>SourceName</name>
>         <type>string</type>
Same as above.
>         <value>DFSR</value>
>       </matchfield>
>       <matchfield>
>         <name>EventID</name>
>         <type>rege</type>
Typo
>         <value>(4202|4208|4302|4304|5004)</value>
>       </matchfield>
>       <exec>
>         drop();
>       </exec>
>     </pattern>
>     <pattern>
>       <id>2</id>
>       <name>Monitor</name>
>       <matchfield>
>         <name>Message</name>
>         <type>string</type>
regexp?
>         <value>DEBUG</value>
>       </matchfield>
>       <exec>
>         drop();
>       </exec>
>     </pattern>
>   </group>
> </patterndb>
Regards,
Botond
_______________________________________________
nxlog-ce-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users