You can also use a regex interceptor to extract hostname from the message (assuming it's there) and put that in an event header. From there you can route and create partitions with the header.
On Wednesday, October 15, 2014, Hari Shreedharan <[email protected]> wrote: > The Multiport syslog source can add the port number on which the data was > received to the event headers. You can use with a multiplexing channel > selector to separate this to different channels. > > Thanks, > Hari > > > On Wed, Oct 15, 2014 at 9:45 PM, Sharninder <[email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: > >> Hi Guys, >> >> I'm trying to implement a system to archive syslogs using flume. I've >> played around with it a bit but haven't really been able to figure out a >> way to segregate logs according to the host they're coming from? Is there a >> way for me to add the hostname to the event header somehow? I can then use >> either an interceptor to read the header or even a custom sink to deal with >> events based on the hostname. >> >> -- >> Sharninder >> >> >
