Hi,
I want to include the fqdn of the server sending logs in the raw_event. I
am using this configuration
<Input confluence>
Module im_file
File "/var/log/test.log"
SavePos TRUE
Exec $raw_event=$raw_event+'|server:'+hostname_fqdn()+'|';
</Input>
Sending the log to logstash in the same host for testing using
<Output confluence_out>
Module om_tcp
Host localhost
Port 3516
</Output>
And I am receiving the log truncated, missing first character of the log
line. Testing with "Test" string I receive
{
"@source" => "tcp://127.0.0.1:49388/",
"@tags" => [
[0] "nxlog",
[1] "_jsonparsefailure",
[2] "multiline",
[3] "_grokparsefailure"
],
"@fields" => {
"log_level_alert" => [
[0] "%{@fields.log_level}"
]
},
"@timestamp" => "2013-07-23T21:11:59.945Z",
"@source_host" => "127.0.0.1",
"@source_path" => "/",
"@message" => "*est*|server:Debian607.vagrantup.com|\n",
"@type" => "confluence"
}
What is truncating the first character of the log? Is there a better way to
include the fqdn in the event?
Thanks
Enrique.
Full nxlog.conf (in the sender)
root@Debian607:~# cat /etc/nxlog/nxlog.conf
########################################
# Global directives #
########################################
User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO
########################################
# Inputs #
########################################
<Input internal>
Module im_internal
</Input>
<Input confluence>
Module im_file
File "/var/log/test.log"
SavePos TRUE
Exec $raw_event=$raw_event+'|server:'+hostname_fqdn()+'|';
</Input>
########################################
# Output #
########################################
<Output confluence_out>
Module om_tcp
Host localhost
Port 3516
</Output>
########################################
# Routes #
########################################
<Route confluence>
Path confluence => confluence_out
</Route>
-------------------------------------------------------------------------------------------------
Full logstash.conf (in the receiver)
input {
tcp {
type => "confluence"
port => 3516
format => 'json'
tags => ["nxlog"]
}
}
filter {
multiline {
type => "confluence"
pattern => "^20"
negate => true
what => "previous"
add_tag => ["multiline_confluence"]
}
grok {
type => "confluence"
pattern => "%{DATESTAMP},%{NUMBER} %{LOGLEVEL:log_level}
\[%{JAVAFILE:thread}\] \[%{JAVACLASS:class}\]"
add_tag => ["matched_confluence"]
}
}
output {
stdout {
type => "confluence"
debug => true
}
}
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
