Hello,
Has anyone tried parsing the application crash event message under the Windows
application event log? I'm trying the following but am not sure how to break the
message into separate fields. I would appreciate any help or pointers.
Example event ID 1026
Example message text:
Application: rupertd.exe\nFramework Version: v4.0.30319\nDescription: The
process was terminated due to an unhandled exception.\nException Info:
System.InvalidOperationException\nStack:\n at
System.ServiceProcess.ServiceController.GenerateNames()\n at
System.ServiceProcess.ServiceController.get_ServiceName()\n at
System.ServiceProcess.ServiceController.GenerateStatus()\n at
System.ServiceProcess.ServiceController.get_Status()\n at
ServiceKeeper.Service1.QueryService()\n at
System.Threading.ThreadHelper.ThreadStart_Context(System.Object)\n at
System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
System.Threading.ContextCallback, System.Object, Boolean)\n at
System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
System.Threading.ContextCallback, System.Object)\n at
System.Threading.ThreadHelper.ThreadStart()\n
<Input wevtlog_applicationcrashes>
    Module im_msvistalog
    ReadFromLast FALSE
    SavePos FALSE
    PollInterval 1
    # Each line of the multi-line Query value must end with a backslash
    Query <QueryList>\
            <Query Id="0" Path="Application">\
              <Select Path="Application">*[System[Provider[@Name='.NET Runtime' or @Name='Application Error'] and (Level=2) and (EventID=1000 or EventID=1023 or EventID=1024 or EventID=1025 or EventID=1026 or EventID=1027)]]</Select>\
            </Query>\
          </QueryList>
    # Drop fields that are not needed downstream
    Exec delete($Keywords); delete($Severity); delete($SeverityValue); delete($Task); delete($ProcessID); delete($ThreadID); delete($Opcode);
    # to_json() is provided by the xm_json extension module
    Exec to_json();
</Input>
Best regards,
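Added example, not part of the original post and not nxlog code: one way to split the crash message into fields on the receiving side of the JSON output, assuming the message layout shown in the post. The function names, output field names, and sample record are constructed for illustration.

```python
import json
import re

# Constructed sample: one JSON record carrying $EventID and $Message,
# with the stack shortened from the example message in the post.
SAMPLE_RECORD = json.dumps({
    "EventID": 1026,
    "Message": (
        "Application: rupertd.exe\nFramework Version: v4.0.30319\n"
        "Description: The process was terminated due to an unhandled exception.\n"
        "Exception Info: System.InvalidOperationException\nStack:\n"
        "   at System.ServiceProcess.ServiceController.GenerateNames()\n"
        "   at ServiceKeeper.Service1.QueryService()\n"
        "   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, "
        "System.Threading.ContextCallback, System.Object, Boolean)\n"
        "   at System.Threading.ThreadHelper.ThreadStart()\n"
    ),
})

# "Key: value" header lines; keys may contain spaces ("Framework Version").
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z .]*?):\s*(.*)$")
# Stack frame lines: optional indentation, then "at <method signature>".
FRAME_RE = re.compile(r"^\s*at\s+(.+)$")

def parse_crash_message(message):
    """Split a .NET Runtime crash message into header fields and stack frames."""
    fields, frames = {}, []
    for line in message.replace("\r\n", "\n").split("\n"):
        if not line.strip():
            continue
        frame = FRAME_RE.match(line)
        header = HEADER_RE.match(line)
        if frame:
            frames.append(frame.group(1).strip())
        elif header:
            key = header.group(1).replace(" ", "")
            if key != "Stack":  # "Stack:" only introduces the frame list
                fields[key] = header.group(2).strip()
        elif frames:
            # A frame whose argument list was wrapped onto the next line.
            frames[-1] += " " + line.strip()
    fields["StackFrames"] = frames
    return fields

def enrich(record_json):
    """Add the parsed fields to one JSON record and return it as a dict."""
    record = json.loads(record_json)
    record.update(parse_crash_message(record.get("Message", "")))
    return record
```

Keeping the exception type and the top stack frame as separate fields makes it possible to group repeated crashes of the same service in a SIEM instead of searching free text.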