Re: [rsyslog] Anyone have any good guides for the specific regex format/syntax required for re_extract() ?

Liblognorm is love, Liblognorm is life To Echo Dave, $currentjob uses REK to provided services to various $client at anywhere from 60-80k mps in realtime, plus spikes upwards of over 100k mps. For redundancy (load balancing - waste not want not) we use two nodes for the rsyslog but one node could

Re: [rsyslog] Anyone have any good guides for the specific regex format/syntax required for re_extract() ?

On Wed, 21 Feb 2018, deoren wrote: On 2/20/2018 6:58 PM, David Lang wrote: On 2/20/2018 6:39 PM, deoren wrote: In this case, my specific goal is to look for log messages containing "SPECIFIC_PATTERN_HERE" (as shown in sample log message) and if a match is found parse the message to pull out

Re: [rsyslog] Anyone have any good guides for the specific regex format/syntax required for re_extract() ?

On 2/20/2018 10:28 PM, Andrew Griffin via rsyslog wrote: I’ll second David and say that mmnormalize is your better option. Though whenever I get in a discussion about troubleshooting regex I always make a point to recommend the Regex Rx app (if you’re a Mac user): https://itunes.apple.com/us/

Re: [rsyslog] Anyone have any good guides for the specific regex format/syntax required for re_extract() ?

On 2/20/2018 6:58 PM, David Lang wrote: On 2/20/2018 6:39 PM, deoren wrote: >> I've read that mmnormalize is recommended over regexes for performance reasons, but I have little experience with liblognorm (other than knowing it exists). Am I better off writing a few regex matches like I'm doin

Re: [rsyslog] Anyone have any good guides for the specific regex format/syntax required for re_extract() ?

On 2/20/2018 6:50 PM, David Lang wrote: you really should look at using mmnormalize to extract fields from the logs, it's FAR faster. Will do. I was looking over the liblognorm doc last night and it makes a little sense. The v2 options look to have expanded the support quite a bit, at the cos

Re: [rsyslog] Question regarding imfile Input Parameters

What do you think of these potential changes to the description? https://github.com/rsyslog/rsyslog-doc/pull/584/files Does that make the coverage any clearer, or worse? On 2/21/2018 3:20 AM, putcha narayana via rsyslog wrote: Thank you David Lang for a quick response. Appreciate it. Lak. __

Re: [rsyslog] Question regarding imfile Input Parameters

Thank you David Lang for a quick response. Appreciate it. Lak. From: David Lang Sent: Wednesday, February 21, 2018 8:47 AM To: putcha narayana via rsyslog Cc: putcha narayana Subject: Re: [rsyslog] Question regarding imfile Input Parameters imfile assumes that e

Re: [rsyslog] Question regarding imfile Input Parameters

imfile assumes that everything in the file is the message content, no tag, no facility, no severity. so the tag, facility and severity need to be set, whatever you set gets applied to every line David Lang ___ rsyslog mailing list http://lists.adisc