I don't know if this is what you are asking for...
3421.997587883:main Q:Reg/w0 : SET !data!aapp =
3421.997596172:main Q:Reg/w0 : function 'field' (id:9, params:3)
3421.997607766:main Q:Reg/w0 : var 'programname'
3421.997687716:main Q:Reg/w0 : 47
3421.997714715:main Q:Reg/w0 : 2
3421.997728731:main Q:Reg/w0 : END SET
El 30/11/16 a las 22:32, Rainer Gerhards escribió:
Can you show what the properties are for this message?
Sent from phone, thus brief.
Am 30.11.2016 20:18 schrieb "mosto...@gmail.com" <mosto...@gmail.com>:
Hi
I'm still not able to get it, and *perhaps reproduced an issue related to
properties not being accessible*...
Consider the following relay.conf:
global(
MaxMessageSize="32k"
workDirectory="/var/spool/rsyslog"
parser.escapeControlCharactersOnReceive="off"
)
template(
name="json"
string="<%pri%>%timestamp:::date-rfc3339% %hostname%
logs/%$!data!group%/%$!data!aapp%: %$!data%"
type="string"
)
module(load="omrelp")
ruleset(name="relp") {
set $!data!aapp=field($programname,"/",2);
set $!data!file="$!metadata!filename";
set $!data!group=field($programname,"/",1);
set $!data!msg=$msg;
action(
action.reportSuspension="on"
action.resumeRetryCount="-1"
port="20514"
queue.maxdiskspace="5M"
queue.SaveOnShutdown="on"
queue.type="LinkedList"
target="server"
template="json"
type="omrelp"
)
}
ruleset(name="apps") {
call relp
stop
}
module(load="imfile")
input(type="imfile" file="/logs/apache/app1/app.log"
tag="group/app1" addMetadata="on" ruleset="apps"
PersistStateInterval="1")
input(type="imfile" file="/logs/apache/app2/app.log"
tag="group/app2" addMetadata="on" ruleset="apps"
PersistStateInterval="1")
ruleset(name="app_server1") {
set $!data!containerApps="app1,app2";
call relp
stop
}
input(type="imfile" file="/logs/server1/app1.log"
tag="group1/server1" addMetadata="on" ruleset="app_server1"
startmsg.regex="^####" readTimeout="5" PersistStateInterval="1")
input(type="imfile" file="/logs/server1/app2.log"
tag="group1/server1" addMetadata="on" ruleset="app_server1"
startmsg.regex="^####" readTimeout="5" PersistStateInterval="1")
ruleset(name="app_server2") {
set $!data!containerApps="app2,app3";
call relp
stop
}
input(type="imfile" file="/logs/server2/app2.log"
tag="group2/server2" addMetadata="on" ruleset="app_server2"
startmsg.regex="^####" readTimeout="5" PersistStateInterval="1")
input(type="imfile" file="/logs/server2/app3.log"
tag="group2/server2" addMetadata="on" ruleset="app_server2"
startmsg.regex="^####" readTimeout="5" PersistStateInterval="1")
With this configuration I'm getting messages like:
200 syslog 911 <133>2016-11-30T20:02:30.210405+01:00 my-rsyslog
logs/group/***FIELD NOT FOUND***: { "aapp": "***FIELD NOT FOUND***",
"file": "\/logs\/apache\/app1\/app.log", "group": "group", "msg":
"17 mar 2016 13:27:28,934 INFO REDACTED..." }
Why /aapp/ field isn't found?
Regards
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.