Hi,

Using a capturing regexp you can extract the fields. There are two
options:
1. Exec if $Message =~ /regexp/ { $field1 = $1; $field2 = $2; ... }
2. pm_pattern

Regards,
Botond


On Mon, 23 Jun 2014 12:45:10 +0300
Shedis <she...@gmail.com> wrote:

> Hello,
> Has anyone tried parsing the application crash event message under the Windows 
> application event log? I'm trying the following but am not sure how to break the 
> message into separate fields. I would appreciate any help or pointers.
> 
> 
> Example event id 1026
> 
> Example message text:
> 
> Application: rupertd.exe\nFramework Version: v4.0.30319\nDescription: The 
> process was terminated due to an unhandled exception.\nException Info: 
> System.InvalidOperationException\nStack:\n   at 
> System.ServiceProcess.ServiceController.GenerateNames()\n   at 
> System.ServiceProcess.ServiceController.get_ServiceName()\n   at 
> System.ServiceProcess.ServiceController.GenerateStatus()\n   at 
> System.ServiceProcess.ServiceController.get_Status()\n   at 
> ServiceKeeper.Service1.QueryService()\n   at 
> System.Threading.ThreadHelper.ThreadStart_Context(System.Object)\n   at 
> System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, 
> System.Threading.ContextCallback, System.Object, Boolean)\n   at 
> System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, 
> System.Threading.ContextCallback, System.Object)\n   at 
> System.Threading.ThreadHelper.ThreadStart()\n
> 
> 
> <Input wevtlog_applicationcrashes>
>    Module              im_msvistalog
>        ReadFromLast    FALSE
>        SavePos                 FALSE
>        PollInterval    1
>        Query   <QueryList>\
>                        <Query Id="0" Path="Application">\
>                                <Select Path="Application">*[System[Provider[@Name='.NET Runtime' or @Name='Application Error'] and (Level=2) and (EventID=1000 or EventID=1023 or EventID=1024 or EventID=1025 or EventID=1026 or EventID=1027)]]</Select>\
>                        </Query>\
>                        </QueryList>
>        Exec    delete($Keywords);delete($Severity);delete($SeverityValue);delete($Task);delete($ProcessID);delete($ThreadID);delete($Opcode);
>        Exec    to_json();
> </Input>
> 
> Best regards,
> 
> Sent from my Mobile Device!
> _______________________________________________
> nxlog-ce-users mailing list
> nxlog-ce-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users

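Option 1 from the reply, applied to the event 1026 message quoted above, as an added example that is not part of the original thread. The field names `$CrashApplication`, `$FrameworkVersion`, `$ExceptionInfo` and `$StackTrace` are hypothetical, and the patterns assume the message carries the labels shown in the sample text, separated by real line breaks.

```nxlog
<Input wevtlog_applicationcrashes>
    Module          im_msvistalog
    ReadFromLast    FALSE
    SavePos         FALSE
    PollInterval    1
    Query   <QueryList>\
                <Query Id="0" Path="Application">\
                    <Select Path="Application">*[System[Provider[@Name='.NET Runtime' or @Name='Application Error'] and (Level=2) and (EventID=1000 or EventID=1023 or EventID=1024 or EventID=1025 or EventID=1026 or EventID=1027)]]</Select>\
                </Query>\
            </QueryList>

    # Only event 1026 is known (from the sample message) to use this layout,
    # so the extraction is limited to it. Each label gets its own capturing
    # regexp: a record that lacks one label still yields the other fields.
    # [^\r\n]+ stops at the end of the labelled line; the /s modifier lets
    # (.*) run across line breaks so the whole stack trace is captured.
    Exec    if $EventID == 1026 \
            { \
                if $Message =~ /Application: ([^\r\n]+)/       $CrashApplication = $1; \
                if $Message =~ /Framework Version: ([^\r\n]+)/ $FrameworkVersion = $1; \
                if $Message =~ /Exception Info: ([^\r\n]+)/    $ExceptionInfo = $1; \
                if $Message =~ /Stack:\r?\n(.*)/s              $StackTrace = $1; \
            }

    # Drop the unwanted fields, as in the original configuration.
    Exec    delete($Keywords); delete($Severity); delete($SeverityValue); \
            delete($Task); delete($ProcessID); delete($ThreadID); delete($Opcode);

    # Serialize last, so the extracted fields are included in the JSON.
    Exec    to_json();
</Input>
```

The extraction has to run before `to_json()`; fields set after serialization do not appear in the output record.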