Thank you, that was it. I am now keeping one output and route just for JSON so I can tell what the fields are for filtering purposes.

-----Original Message-----
From: Botond Botyanszki [mailto:b...@nxlog.org]
Sent: Monday, June 27, 2016 11:23 PM
To: nxlog-ce-users@lists.sourceforge.net
Subject: Re: [nxlog-ce-users] Windows INFO

Hi,

Facility is for syslog. Perhaps you meant Severity?
It usually helps to dump out your logs in JSON or KVP to see what the fields are.

Regards,
Botond

On Mon, 27 Jun 2016 19:32:27 +0000
<ward.p.fonte...@wellsfargo.com> wrote:

> I'm trying to dump all logs with INFO like the one below -
>
> 2016-06-27 15:25:01 SOME_WINDOWS_SERVER INFO 5857 NT AUTHORITY\LOCAL
> SERVICE WmiPerfInst provider started with result code 0x0. HostProcess
> = wmiprvse.exe; ProcessID = 7328; ProviderPath=
> C:\Windows\system32\wbem\WmiPerfInst.dll
>
> And had put the following in my patternsdb.xml file but it's not catching, so
> I know that Facility is not correct. I just don't know what I need to match
> INFO and drop that log entry.
>
> Patternsdb.xml snippet -
>
> <pattern>
>   <id>16</id>
>   <name>INFO</name>
>   <matchfield>
>     <name>Facility</name>
>     <value>INFO</value>
>   </matchfield>
>   <exec>drop();</exec>
> </pattern>
>
> Respectfully,
>
> Ward P Fontenot
>

------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
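
Added example (not part of the original messages, and not configuration from either poster or from the NXLog project): a minimal nxlog.conf sketch of the debugging setup discussed in this thread, a separate output and route that writes every event as JSON so the field names (such as Severity) can be read before writing patterndb matchfields. The instance names, the output file path, and the use of im_msvistalog as the Windows Event Log input are assumptions.

```conf
# Assumed layout: one Windows Event Log input feeding a JSON-only debug route.
# Instance names (json, eventlog, json_debug, debug_fields) are illustrative.

<Extension json>
    # Provides the to_json() procedure used below
    Module  xm_json
</Extension>

<Input eventlog>
    # Assumption: events come from the Windows Event Log
    Module  im_msvistalog
</Input>

<Output json_debug>
    Module  om_file
    # Constructed path; point this at any writable location
    File    'C:\nxlog_debug\fields.json'
    # Serialize every field of the event record into $raw_event as JSON
    Exec    to_json();
</Output>

<Route debug_fields>
    # Kept separate from the production route so filtering rules
    # do not hide events while the field names are being inspected
    Path    eventlog => json_debug
</Route>
```

Each line written to the file is one JSON object whose keys are the field names that a <matchfield> <name> element can refer to.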