Here is the relevant bit from my nxlog and logstash config.
I set the server name explicitly to be what I want; you could use the
server's actual hostname too.

nxlog:

<Extension json>
    Module xm_json
</Extension>

<Input file1>
    Module im_file
    File "D:\\Logs\\\\*.log"
    Exec $source_server = 'Servername'; $source_file = file_name(); $message = $raw_event; to_json();
</Input>

logstash:

input {
    tcp {
        port => 7654
        mode => 'server'
        codec => json { charset => 'CP1252'}
        type => 'nxlog'
    }
}

On Wed, 25 Feb 2015 at 20:14 Otterbein, Karl <kotterb...@ise.com> wrote:
> Hello all-
>
> I’m very new with nxlog (couple of weeks into trying to configure it), and
> I have what may be a very basic issue, hoping someone may be able to help:
>
> I’m sending text application log lines to an ELK stack- I’ve successfully
> been able to send the messages, but I’m trying to do a couple of things-
>
> 1. I have been unsuccessful in sending the FQDN as opposed to the host IP
>
> 2. I’m also trying to create a tag for the log source (part of which I
> want to strip out to get a name instance for further evaluation in kibana)
>
> My nxlog.conf:
>
> #define ROOT C:\Program Files\nxlog
> define ROOT C:\Program Files (x86)\nxlog
>
> Moduledir %ROOT%\modules
> CacheDir %ROOT%\data
> Pidfile %ROOT%\data\nxlog.pid
> SpoolDir %ROOT%\data
> LogFile %ROOT%\data\nxlog.log
>
> <Extension json>
>     Module xm_json
> </Extension>
>
> <Extension syslog>
>     Module xm_syslog
> </Extension>
>
> <Input internal>
>     Module im_internal
>     Exec $Message = to_json();
> </Input>
>
> # Watch any file you'd like
> <Input file_watch_bsi>
>     Module im_file
>     File "D:\\ese\\log\\HORS.ESI.*_*_*_*.log"
>     SavePos TRUE
>     Exec $Hostname = hostname_fqdn(); \
>          $SourceName = '?????';
> </Input>
>
> <Output out>
>     Module om_tcp
>     Host x.x.x.x
>     Port xxxx
> </Output>
>
> <Route 1>
>     Path internal, file_watch_bsi => out
> </Route>
>
> Output I see in Kibana:
>
> {
>   "_index":"logstash-2015.02.24",
>   "_type":"syslog",
>   "_id":"BzpzTcPTRfK55jmrfkzmIA",
>   "_score":null,
>   "_source":{
>     "message":"-W 02-24 15:42:24.057 6308 48 LbmLogger LBM reports NOTICE: wincport 0000000003226EA0 line 3922 WSA err 10054, Connection reset by peer (peer 11.x.xxx.xx:58xxx) (op 1)\u000d\u000a",
>     "@version":"1",
>     "@timestamp":"2015-02-24T20:42:24.281Z",
>     "type":"syslog",
>     "host":"11.x.x.xx",
>     "tags":["_grokparsefailure",
>             "syslog_out",
>             "not_filtered"
>     ],
>     "priority":13,
>     "severity":5,
>     "facility":1,
>     "facility_label":"user-level",
>     "severity_label":"Notice"
>   },
>   "sort":[1424810544281,
>           1424810544281
>   ]
> }
>
> I’d love to get each element of the message tagged (since just getting
> ‘“message”: wall of words’ isn’t very helpful), but I will get into that
> another day to avoid yak-shaving...
>
> Any help would be appreciated!
>
> Kotter
> _______________________________________________
> nxlog-ce-users mailing list
> nxlog-ce-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
>
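
Added example, not part of the original thread or either poster's configuration: a Python stand-in for the receiving side that decodes one JSON line with an explicit CP1252 charset, as the `codec => json { charset => 'CP1252'}` setting in the reply requests, and pulls an instance name out of `source_file`. The sample event, the `peer_ip` parameter, the `instance` field, the `_instance_parse_failure` tag and the assumption that the instance is the first wildcard segment of `HORS.ESI.*_*_*_*.log` are all hypothetical.

```python
import json
import re

# Constructed sample: one event as JSON on a single line, using the field
# names from the Exec line in the reply. The file name, the 0xE9 byte
# (CP1252 "é") and the escaped CRLF inside "message" are made up.
SAMPLE_LINE = (
    b'{"source_server":"Servername",'
    b'"source_file":"D:\\\\ese\\\\log\\\\HORS.ESI.inst01_a_b_c.log",'
    b'"message":"-W 02-24 15:42:24.057 caf\xe9 started\\r\\n"}\n'
)

# Assumption: the instance name is the first "*" of HORS.ESI.*_*_*_*.log.
INSTANCE_RE = re.compile(r"HORS\.ESI\.(?P<instance>[^_\\/]+)_[^\\/]*\.log$")


def decode_event(line: bytes, peer_ip: str, charset: str = "cp1252") -> dict:
    """Decode one JSON line with an explicit charset and enrich it."""
    event = json.loads(line.decode(charset))
    if not isinstance(event, dict):
        raise ValueError("event is not a JSON object")
    # Record the connection's address separately: source_server is only
    # what the sender's config says, so keep both for comparison.
    event["host"] = peer_ip
    event["message"] = str(event.get("message", "")).rstrip("\r\n")
    match = INSTANCE_RE.search(str(event.get("source_file", "")))
    if match:
        event["instance"] = match.group("instance")
    else:
        event["instance"] = None
        event.setdefault("tags", []).append("_instance_parse_failure")
    return event


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the sender.
    print(decode_event(SAMPLE_LINE, "192.0.2.10"))
    try:
        decode_event(SAMPLE_LINE, "192.0.2.10", charset="utf-8")
    except UnicodeDecodeError as exc:
        print("utf-8 decode fails on CP1252 bytes:", exc.reason)
```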