Hello all-

I'm very new to nxlog (a couple of weeks into trying to configure it), and I
have what may be a very basic issue, hoping someone may be able to help:

I'm sending text application log lines to an ELK stack. I've successfully been
able to send the messages, but I'm trying to do a couple of things:

1. I have been unsuccessful in sending the FQDN as opposed to the host IP
2. I'm also trying to create a tag for the log source (part of which I
   want to strip out to get a name instance for further evaluation in Kibana)

My nxlog.conf:

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension json>
    Module xm_json
</Extension>

<Extension syslog>
    Module xm_syslog
</Extension>

<Input internal>
    Module im_internal
    Exec $Message = to_json();
</Input>

# Watch any file you'd like
<Input file_watch_bsi>
    Module im_file
    File "D:\\ese\\log\\HORS.ESI.*_*_*_*.log"
    SavePos TRUE
    Exec $Hostname = hostname_fqdn(); \
         $SourceName = '?????';
</Input>

<Output out>
    Module om_tcp
    Host x.x.x.x
    Port xxxx
</Output>

<Route 1>
    Path internal, file_watch_bsi => out
</Route>

Output I see in Kibana:

{
  "_index":"logstash-2015.02.24",
  "_type":"syslog",
  "_id":"BzpzTcPTRfK55jmrfkzmIA",
  "_score":null,
  "_source":{
    "message":"-W 02-24 15:42:24.057 6308 48 LbmLogger LBM reports NOTICE: wincport 0000000003226EA0 line 3922 WSA err 10054, Connection reset by peer (peer 11.x.xxx.xx:58xxx) (op 1)\u000d\u000a",
    "@version":"1",
    "@timestamp":"2015-02-24T20:42:24.281Z",
    "type":"syslog",
    "host":"11.x.x.xx",
    "tags":["_grokparsefailure",
            "syslog_out",
            "not_filtered"
    ],
    "priority":13,
    "severity":5,
    "facility":1,
    "facility_label":"user-level",
    "severity_label":"Notice"
  },
  "sort":[1424810544281,
          1424810544281
  ]
}

I'd love to get each element of the message tagged (since just getting
'"message": wall of words' isn't very helpful), but I will get into that
another day to avoid yak-shaving...

Any help would be appreciated!

Kotter
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users