Hello –
We are attempting to parse a custom application log and running into issues
with this. Here is a sample of the log:

[Thu Oct 18 13:41:48 2012] [ ERROR] [ integer] [servername] [/path/to/file.extension::165] Failed to create event (mac_address)

Two attempts have been made at alerting/parsing the log, which are below:
<decoder name="sts">
  <prematch>^[(\.+)] [(\.+)] [(\.+)] [(\.+)] [(\.+)] Failed to create event</prematch>
  <regex offset="after_prematch">^[(\.+)] [(\.+)] [(\.+)] [(\.+)] [(\.+)] Failed to create event (\.+)$</regex>
  <order>extra_data</order>
</decoder>
The other attempt was with this:
<decoder name="sts">
  <prematch>^\[(.*?)\]\s*\[(.*?)\]\s*\[(.*?)\]\s*\[(.*?)\]\s*\[(.*?)\]\s*(.*?)$</prematch>
</decoder>
Any ideas as to why these are not working?
Thanks in advance.
-Brian