Hi,

On Thu, 18 Jul 2013 10:11:06 -0300 Geraldo Magella Junior <geraldomagellajun...@gmail.com> wrote:
> I wasn't aware that I could drop logstash altogether.. it's not a proxy as
> far as I get it.. it can process things, forward events to Riemann, Graphite,
> ES and so forth... it's a bit more than just a proxy don't you think?

Sure, I'm aware of its features. But if you are using it only to send logs into elasticsearch, then it is nothing more than a proxy. There are several users on the list who have experience with ES, I personally don't, that's why I asked.

> I thank you for your mail and if you can clarify for me a little further the
> syntax here, I would love:
>
> <Input eventlog>
>     Module im_msvistalog
>     Exec if ($EventID == 42) or ($EventID == 142) ... drop(); \
>         else if $Message =~ /DEBUG/ drop();
> </Input>
>
> I want to drop messages that DO contain "DEBUG" in it. So it might be:
> ..
> else if $Message == /DEBUG/ drop();
> ...
> Right?

No. A regexp match is =~ /.../
And an exact match is == '...'

> What if I want to drop messages that contain more than one word (a phrase)
> like
> "I want to drop that"
> It would be
> ...
> else if $Message == /I want to drop that/ drop();

You should use the regexp match operator =~

> Well.. I've managed to do that using PatternDB, it's working but I'm not
> sure it is the best way. This is how my patternDB looks like now:

The same can be achieved with pm_pattern's xml format. This existed before nxlog's language evolved into what it can do today. The latter can be more flexible, possibly faster, and the xml based format is easier to parse and generate from code (e.g. we have a web based interface for managing patterns). Also the xml patterns are stored in an external file which could potentially allow a readable config for the data flow itself.

> <name>Message</name>
> <type>regexp</type>
> <value>^DFSRs (\S+)</value>
> <capturedfield>
> <name>Message</name>
> <type>STRING</type>
> </capturedfield>

This will overwrite $Message with the captured value. Not sure if that's what you want.
Regards,
Botond
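
The filter discussed in this thread, assembled into one input block as an added example (not part of the original e-mail or of either poster's configuration). It keeps the two event IDs and the two strings from the thread and uses =~ for every "contains" test; the last branch and its 'Service heartbeat' string are constructed here only to show the exact-match form.

```nxlog
# Added example: drop rules for a Windows event log input.
#   ==  with a number or a quoted string compares the whole value.
#   =~  with /.../ is a regexp match and succeeds when the pattern
#       occurs anywhere in the field, so it is the "contains" test.
# Because =~ matches anywhere, /DEBUG/ also drops any event that merely
# mentions DEBUG in its text. Anchor the pattern (for example /^DEBUG/)
# if only messages that start with it should be discarded.
<Input eventlog>
    Module  im_msvistalog
    Exec    if ($EventID == 42) or ($EventID == 142) drop(); \
            else if $Message =~ /DEBUG/ drop(); \
            else if $Message =~ /I want to drop that/ drop(); \
            else if $Message == 'Service heartbeat' drop();
</Input>
```

Dropped events never reach the output, so it is worth checking each pattern against a sample of real messages before deploying it.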