Hi, I started a study and implementation graylog2 about 150 severs and have the same doubt: I need apply one extractor at a syslog input only when application_name is httpd. I read a full documentation and not found it ready.I don't like create a other Input to extract a message from each application type. Is plugin a best way to try make this?
Best Regards, Flávio Pimenta. On Thursday, June 5, 2014 7:42:35 PM UTC-3, Shahzaib Bhatia wrote: > > Is it possible for an extractor to conditionally act upon a field taking > other fields into consideration? For example, I have a GELF message that > arrives looking like this: > > facility: gelf-rb >> facility_label: local2 >> file: /dev/log >> level: Info [6] >> line: -1 >> message: 10.11.79.25:55415 [05/Jun/2014:17:21:08.847] stats~ >> stats/<STATS> 1/-1/-1/-1/4 200 110897 - - LR-- 1/0/0/0/0 0/0 "GET / >> HTTP/1.1" >> pid: 6888 >> priority: 150 >> program: haproxy >> severity_label: Informational >> source: endpoint-01.dev.law.caltesting.org >> type: syslog >> version: 1.0 >> full_message: 10.11.79.25:55415 [05/Jun/2014:17:21:08.847] stats~ >> stats/<STATS> 1/-1/-1/-1/4 200 110897 - - LR-- 1/0/0/0/0 0/0 "GET / >> HTTP/1.1" > > > I would like to write an extractor for the HAProxy log line that only > triggers when the program field contains HAProxy. > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
