Hi,
I am using rsyslog (v8.9) to process structured log data from umberlog and
Linux's printk_emit. In the log message is a field "$!mse.element_indices" that
can have values such as "0", "0 1", "0 1 2", and so on. I would like to iterate
over the delimited elements of that value and had supposed that foreach would
do something like that.
With the config below I comment/uncomment the foreach loop. When the foreach
loop is commented out rsyslog creates entries in both mongodb and the file.
When the foreach loop is uncommented, rsyslog produces nothing in either
destination.
Why does this use of foreach fail? What should I be doing to iterate?
Thanks,
David Boles
------------------------------------------------------------------------------
module(load="imuxsock")
module(load="imkmsg")
module(load="imtcp")
input(type="imtcp" port="10514")
module(load="mmjsonparse")
module(load="ommongodb")
kern.* /var/log/db_kernel.log
*.* /var/log/db_full.log
template(name="mse-structured-info" type="subtree" subtree="$!")
template(name="mse-all-info" type="list") {
property(name="jsonmesg" outname="msg")
}
if ($fromhost-ip == '127.0.0.1' and $syslogfacility-text != 'kern') then {
action(type="mmjsonparse")
if $parsesuccess == "OK" then {
set $!foo = $!mse.element_indices;
set $!amph = "toad";
# foreach ($.index in $!mse.element_indices) do {
# set $!amph = "turtle";
# }
action(type="ommongodb" server="somemachine.somewhere.org"
db="logs" collection="syslog" template="mse-structured-info")
action(type="omfile" template="mse-all-info"
file="/var/log/db_local_user_structured.log")
}
}
$WorkDirectory /var/spool/rsyslog
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
