Hi Paul, You should first make sure the Message field contains the data you expect since the log entry is not fully compliant bsd syslog, i.e. Hostname is missing and there is a severity (INFO). log_info(to_json()) or log_info($Message) could help. It's likely that the parse_syslog_bsd() cannot grok this, I suggest doing manual extraction as done in this example: http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html#sources_app_tomcat
Regards, Botond On Mon, 4 Aug 2014 16:20:59 +0000 <ward.p.fonte...@wellsfargo.com> wrote: > I’m fairly familiar with regular expressions so that’s not an issue – > admittedly my question was poorly written. I was actually hoping an answer > would come across telling me that based on the breakdown of the log entry > > > > <13>Jul 31 14:32:01 INFO [org.apache.commons.logging.impl.Log4JLogger] > [QueryBeansDataAccessManager.getConnection()] Getting a connection from DS. > > > > that my *assumption* that this was the Message field was incorrect. > > > > <matchfield> > <name>Message</name> > <type>REGEXP</type> > <value>[QueryBeansDataAccessManager.getConnection()] Getting a connection > from DS</value> > </matchfield> > > > > I was in a hurry when I sent the original email and left out the backslashes > here > > > > <matchfield> > <name>Message</name> > <type>REGEXP</type> > <value>\[QueryBeansDataAccessManager.getConnection\(\)\] Getting a connection > from DS</value> > </matchfield> > > > > From: Cameron Kerr [mailto:cameron.kerr...@gmail.com] > Sent: Sunday, August 03, 2014 2:51 AM > To: Fontenot, Ward P. > Cc: nxlog-ce-users@lists.sourceforge.net > Subject: Re: [nxlog-ce-users] Pattern issue > > > > My guess is that you've included a [...] construct in your regular expression > without realising what it does. > > > > Replace it with \[...\] > > > > You may also benefit from learning about regular expressions, as there are a > number of characters that have special meaning. I'm guessing you haven't used > them much before, in which case it's best to learn them reasonably well > before you end up getting very frustrated by them. > > > > Cheers, > > Cameron > > On Friday, 1 August 2014, <ward.p.fonte...@wellsfargo.com> wrote: > > I'm stumped and need a little push in the right direction > > I'm using this input > ---------------------------------------------------------------------------- > ------------- > <Input cdvra00a0100_in> > Module im_tcp > Host 192.168.0.10 > Port 5300 > Exec parse_syslog_bsd(); > </Input> > > This pattern > ---------------------------------------------------------------------------- > ------------- > <Processor jboss_patterns> > Module pm_pattern > PatternFile /etc/nxlog.d/jboss-patterndb.xml > </Processor> > > This output > ---------------------------------------------------------------------------- > ------------- > <Output cdvra00a0100_all_out> > Module om_file > File '%CDVRA00A0100_ALL%' > </Output> > > This route > ---------------------------------------------------------------------------- > ------------- > <Route cdvra00a0100_route> > Path cdvra00a0100_in => jboss_patterns => > cdvra00a0100_out > </Route> > > I'm trying to match this log entry > ---------------------------------------------------------------------------- > ------------- > <13>Jul 31 14:32:01 INFO [org.apache.commons.logging.impl.Log4JLogger] > [QueryBeansDataAccessManager.getConnection()] Getting a connection from DS. > > Using this pattern in my jboss-patterndb.xml file > ---------------------------------------------------------------------------- > ------------- > <matchfield> > <name>Message</name> > <type>REGEXP</type> > <value>[QueryBeansDataAccessManager.getConnection()] Getting a connection > from DS</value> > </matchfield> > > > > Paul Fontenot > Enterprise Key Management & Public Key Infrastructure | EIST&O | ETS | TOG | > Wells Fargo > > 2600 S. Price Rd. 2nd Floor | Chandler, AZ 85286 > MAC S3939-022 > Cell (480) 253-2908 > > ward.p.fonte...@wellsfargo.com <javascript:;> > > This message may contain confidential and/or privileged information. If you > are not the addressee or authorized to receive this for the addressee, you > must not use, copy, disclose, or take any action based on this message or > any information herein. If you have received this message in error, please > advise the sender immediately by reply e-mail and delete this message. Thank > you for your cooperation. > > > > -- > > -- > Cameron Kerr <cameron.kerr...@gmail.com> > > See my blog at http://distracted-it.blogspot.co.nz/ (previously > http://humbledown.org/) > > Skype me on cameron.kerr.nz > > > > >
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Infragistics Professional Build stunning WinForms apps today! Reboot your WinForms applications with our WinForms controls. Build a bridge from your legacy apps to the future. http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________ nxlog-ce-users mailing list nxlog-ce-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
