Hello. I've read the documentation about extractors and found that in a
simple case like
>
> This is the error message error-type=fatal-error ip=1.2.3.4
it can be extracted using the Key=Value pair converter.
In our project we have quite a large state-dump message on fatal error and
putting it into a single line is not practical. The messages have the
following format:
> This is a state-dump.
> FQCN=f.q.c.n.MyClass
> field_FQCN1 = {
> #csv-like collection format
> }
> field_FQCN2 = {
> #csv-like collection format
> }
> etc...
Example
Log-message:
> This is a state-dump.
> class=com.my.company.MyClass
>
> com.my.company.MyAnotherClass = {
> id, name, value1, value2
> 1, "some_string", 10.0, 10
> 31, "some_another_string", 141.1, 31
> 321, "stt", 10.0, 10
> }
>
> com.my.company.MyAnotherAnotherClass = {
> id, some_string_field, some_value
> 41, "str", 142.0
> 451, "stttr", 14341.1
> 121, "sttttr", 10.0
> }
So, I'd like this message to be parsed into the following fields stored in
Elasticsearch:
field1: class = com.my.company.MyClass
field2: com.my.company.MyAnotherClass = {
id, name, value1, value2
1, "some_string", 10.0, 10
31, "some_another_string", 141.1, 31
321, "stt", 10.0, 10
}
field3: com.my.company.MyAnotherAnotherClass = {
id, some_string_field, some_value
41, "str", 142.0
451, "stttr", 14341.1
121, "sttttr", 10.0
}
The issue is I don't know which collection of which classes a dumped
instance will contain. I only know that it will have the format.
Is something like that possible in Graylog?
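An added example, not part of the original post and not Graylog functionality: a stand-alone parser for the state-dump format described above, written on the assumption that the message is pre-processed before it is shipped to the log server. The function name, the regular expressions and the shortened sample are constructed for illustration; block names are discovered at parse time, so the classes do not need to be known in advance.

```python
import csv
import io
import re

# Constructed sample, shortened from the log message shown in the post.
SAMPLE = '''This is a state-dump.
class=com.my.company.MyClass
com.my.company.MyAnotherClass = {
id, name, value1, value2
1, "some_string", 10.0, 10
31, "some_another_string", 141.1, 31
}
com.my.company.MyAnotherAnotherClass = {
id, some_string_field, some_value
41, "str", 142.0
}
'''

BLOCK_OPEN = re.compile(r'^\s*([\w.$]+)\s*=\s*\{\s*$')   # "name = {"
KEY_VALUE = re.compile(r'^\s*([\w.$]+)\s*=\s*(.+?)\s*$')  # "key=value"


def parse_state_dump(message):
    """Split a state-dump into scalar fields and per-class row collections.

    Any "name = {" line opens a block; its first row is the CSV header.
    Raises ValueError if a block is never closed (truncated message).
    """
    fields, block_name, block_lines = {}, None, []
    for line in message.splitlines():
        if block_name is not None:
            if line.strip() == '}':
                reader = csv.reader(io.StringIO('\n'.join(block_lines)),
                                    skipinitialspace=True)
                parsed = [row for row in reader if row]
                header, rows = (parsed[0], parsed[1:]) if parsed else ([], [])
                fields[block_name] = [dict(zip(header, row)) for row in rows]
                block_name, block_lines = None, []
            else:
                block_lines.append(line)
        elif (m := BLOCK_OPEN.match(line)):   # must be tested before KEY_VALUE
            block_name = m.group(1)
        elif (m := KEY_VALUE.match(line)):
            fields[m.group(1)] = m.group(2)
    if block_name is not None:
        raise ValueError(f'unterminated block: {block_name}')
    return fields
```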