I have a ruleset that attempts to output to omfile, omkafka and
omelasticsearch. All of the events are received on imtcp. I'm
attempting to discard some of the events for omfile. I was trying to
do something like the following:
ruleset(name="process_events" {
if $msg !contains "unwanted space delimited string" then {
action(type="omfile"
<snip>
)
}
action(type="omkafka"
<snip>
)
action(type="omelasticsearch"
<snip>
)
}
It seems !contains is being misinterrupted, and that the only events
omfile processes are events containing "unwanted space delimited
string". I assume contains can work on strings with spaces. I'm
wondering what I have wrong with the above.
This is on rsyslog-8.1910.0-0adiscon1xenial1
Mark Christian
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
