You might be right, Cameron. Because
http://www.wolframalpha.com/input/?i=0x8080000000000000 cannot fit into the
64-bit data type as it is.
Also, just converting to String may not help me. The conversion happens
within the module and I would be converting this type-casted value into a
String rather than the original 0x8... representation.
Here are some samples from my laptop's event viewer and their corresponding
text in the GUI Keywords column:
0x8000000000000010 Time
0x8000000000000018 Success, Installation
0x8000000000000080 State
0x8000000020000000 Events related to exhaustion of system commit limit
(virtual memory).
0x8080000000000000 Classic
0x8000000000000004 (4)
0x8000000000000020 (32)
0x8000000000000000
So the leading 0x8 does look redundant or the sign bit. Otherwise 20 does
mean 32 and 4 means 4.
On 30 August 2014 13:13, Cameron Kerr <cameron.kerr...@gmail.com> wrote:
> Unless I've counted the digits wrong, 0x8080000000000000 would have to
> be an *unsigned* 64-bit integer. The first 8 would be setting the sign
> bit otherwise.
>
>
> On Saturday, 30 August 2014, Botond Botyanszki <b...@nxlog.org> wrote:
>
>> Hi,
>>
>> It's not really clear why an int64 value cannot be parsed, Java's Long
>> data type is said to be the same size.
>>
>> If you want to convert it to a string, this should do it:
>> Exec $Keywords = string($Keywords); to_json();
>> If you don't need it at all, you can remove it:
>> Exec delete($Keywords); to_json();
>>
>> Regards,
>> Botond
>>
>> On Fri, 29 Aug 2014 14:21:45 +0100
>> Dhruv Ahuja <dhruvah...@gmail.com> wrote:
>>
>> > Hi All,
>> >
>> > I'm facing some issues with the large hexadecimal values in the Keywords
>> > field of im_msvistalog input module. A typical value from a real system
>> is
>> > 0x8080000000000000 which exceeds the upper limit of Long data type in
>> Java
>> > [and gets overflowed]. Moreover, any intermediate tools/scripts/parsers
>> > using formats like JSON simply throw an exception.
>> >
>> > It says in NXLOG documentation that this field is an Integer [1] and
>> makes
>> > a reference to 'EvtSystemKeywords'. EvtSystemKeywords says it's a
>> > 'EvtVarTypeHexInt64' type [2].
>> >
>> > I'm very new to NXLOG so am wondering if there's a way I can force this
>> > field to be a String. Else considering dropping it altogether at
>> Logstash.
>> >
>> >
>> > Thanks,
>> > new23d
>> >
>> >
>> > [1]
>> >
>> http://nxlog-ce.sourceforge.net/nxlog-docs/en/nxlog-reference-manual.html#im_msvistalog
>> > [2]
>> >
>> http://referencesource.microsoft.com/#System.Core/Microsoft/Win32/UnsafeNativeMethods.cs
>>
>>
>> ------------------------------------------------------------------------------
>> Slashdot TV.
>> Video for Nerds. Stuff that matters.
>> http://tv.slashdot.org/
>> _______________________________________________
>> nxlog-ce-users mailing list
>> nxlog-ce-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
>>
>
>
> --
> --
> Cameron Kerr <cameron.kerr...@gmail.com>
> See my blog at http://distracted-it.blogspot.co.nz/ (previously
> http://humbledown.org/)
> Skype me on cameron.kerr.nz
>
>
>
>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds. Stuff that matters.
> http://tv.slashdot.org/
> _______________________________________________
> nxlog-ce-users mailing list
> nxlog-ce-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
>
>
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
