If your servers are linux with syslog or syslog-ng you could send only http/httpd to graylog2, that tis another way by looking at it if you need http only.
On Thursday, August 28, 2014 4:41:58 PM UTC+2, Flávio Pimenta wrote: > > Hi, > > I started a study and implementation graylog2 about 150 severs and have > the same doubt: I need apply one extractor at a syslog input only when > application_name is httpd. > I read a full documentation and not found it ready.I don't like create a > other Input to extract a message from each application type. > Is plugin a best way to try make this? > > Best Regards, > Flávio Pimenta. > > > On Thursday, June 5, 2014 7:42:35 PM UTC-3, Shahzaib Bhatia wrote: >> >> Is it possible for an extractor to conditionally act upon a field taking >> other fields into consideration? For example, I have a GELF message that >> arrives looking like this: >> >> facility: gelf-rb >>> facility_label: local2 >>> file: /dev/log >>> level: Info [6] >>> line: -1 >>> message: 10.11.79.25:55415 [05/Jun/2014:17:21:08.847] stats~ >>> stats/<STATS> 1/-1/-1/-1/4 200 110897 - - LR-- 1/0/0/0/0 0/0 "GET / >>> HTTP/1.1" >>> pid: 6888 >>> priority: 150 >>> program: haproxy >>> severity_label: Informational >>> source: endpoint-01.dev.law.caltesting.org >>> type: syslog >>> version: 1.0 >>> full_message: 10.11.79.25:55415 [05/Jun/2014:17:21:08.847] stats~ >>> stats/<STATS> 1/-1/-1/-1/4 200 110897 - - LR-- 1/0/0/0/0 0/0 "GET / >>> HTTP/1.1" >> >> >> I would like to write an extractor for the HAProxy log line that only >> triggers when the program field contains HAProxy. >> > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
