Unfortunately it looks like we don't support this at the moment. We
delegate the timestamp parsing to Go, and Go's parser doesn't support
seconds-since-epoch format. We should clearly support it, though, so
we'll need to add some special case logic to check for it, and probably
also milliseconds-since-epoch and nanoseconds-since-epoch too.
I've opened an issue for it:
https://github.com/mozilla-services/heka/issues/963
-r
On 07/14/2014 05:33 PM, Augie Schwer wrote:
What timestamp_layout should I use if I want to match a unix time-stamp
( seconds since epoch ) with the PayloadRegexDecoder?
I tried "1136239445", but my heka message is the current time not the
time in the message payload.
Gory details:
[hekad]
base_dir = "/tmp/hekad"
[nagios_log]
Type = "LogstreamerInput"
log_directory = "/var/log/nagios/"
file_match = 'nagios\.log'
decoder = "nagios_log_decoder"
hostname = "admin.pubfactory.com <http://admin.pubfactory.com>"
[nagios_log_decoder]
Type = "PayloadRegexDecoder"
match_regex = '^\[(?P<nagios_epoch>\d+)\] (?P<nagios_type>HOST
NOTIFICATION):
(?P<nagios_notifyname>\S+);(?P<nagios_hostname>\S+);(?P<nagios_state>.+);(?P<nagios_contact>\S+);(?P<nagios_message>.+)'
timestamp_layout = '1136239445'
timestamp_location = 'America/New_York'
log_errors = false
[nagios_log_decoder.message_fields]
Type= "NagiosLogFile"
Timestamp = "%nagios_epoch%"
nagios_type = "%nagios_type%"
nagios_notifyname = "%nagios_notifyname%"
nagios_hostname = "%nagios_hostname%"
nagios_state = "%nagios_state%"
nagios_contact = "%nagios_contact%"
nagios_message = "%nagios_message%"
[debug]
type = "LogOutput"
message_matcher = "Logger == 'nagios_log'"
#message_matcher = "TRUE"
2014/07/14 19:38:43 <
Timestamp: 2014-07-14 19:38:43.273791521 -0400 EDT
Type: NagiosLogFile
Hostname: admin.pubfactory.com <http://admin.pubfactory.com>
Pid: 0
UUID: 20c65961-890c-4ef0-9967-44cd17dde0a6
Logger: nagios_log
Payload: [1405368416] HOST NOTIFICATION:
preston;voices.revealdigital.com
<http://voices.revealdigital.com>;DOWN;notify-host-by-email;Unknown BPI
Group Index
EnvVersion:
Severity: 7
Fields: [name:"Timestamp" value_type:STRING representation:""
value_string:"1405368416" name:"nagios_type" value_type:STRING
representation:"" value_string:"HOST NOTIFICATION"
name:"nagios_notifyname" value_type:STRING representation:""
value_string:"preston" name:"nagios_hostname" value_type:STRING
representation:"" value_string:"voices.revealdigital.com
<http://voices.revealdigital.com>" name:"nagios_state"
value_type:STRING representation:"" value_string:"DOWN"
name:"nagios_contact" value_type:STRING representation:""
value_string:"notify-host-by-email" name:"nagios_message"
value_type:STRING representation:"" value_string:"Unknown BPI Group Index" ]
>
--
Augie Schwer - [email protected] - http://schwer.us
_______________________________________________
Heka mailing list
[email protected]
https://mail.mozilla.org/listinfo/heka
_______________________________________________
Heka mailing list
[email protected]
https://mail.mozilla.org/listinfo/heka
