Following up on this, in case any random Googlers hit it: There's a non-documented UUID that can be modulo'd on after calling cnum. It's a tad hacky, since ascii causes processing to stop, but you should be able to get down to as small as 1/16th granularity. See here for the behavior of cnum on base16 numbers: https://github.com/rsyslog/rsyslog-doc/pull/224/commits/a5935ace3eec6c65c968d36f84f2723f69f03e27
On Mon, Mar 7, 2016 at 2:29 PM, Daniel Ellis <[email protected]> wrote: > Is it possible to define a ruleset that would send a percentage of > messages to an action? My first-pass idea at this is to define a ruleset > based on the modulus of the time. For instance, this works: > > if (field($timereported, 58, 3) % 2 == 0) then { > action( > type="omkafka" > topic="rsyslog" > confParam="compression.codec=snappy" > template="debug" > ) > } > > > Unfortunately, this requires the parsing out of the timereported field and > is limited to a granularity of one second. If I wanted to do something > like every 10% of messages, this would cause a burst in messages every 10 > seconds, rather than an even distribution across time. > > If I debug the field, I can see that microseconds appear to be provided: > > property(name="timereported" dateFormat="subseconds") > > > But I don't see a way to use this information in conditionals. > > My last-ditch effort will be to do a conditional based on a hostname, but > it's not ideal, for the sake of granularity. > > Is there any way to accomplish what I'd like to accomplish? > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
