[rsyslog-notify] Forum Thread: Re: TSV data into mongodb - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Tue May 12 20:31:43 CEST 2015
User: toddaa
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25575#p25575
Message:
----------
I attempted to use the exact same rule and cmd as you (your second approach
which you showed matched the first field). Unfortunately, it looks like I
do not get get a match.
[code:34ayt007]# cat tsv
rule=:%fields:tokenized:\\t:char-to:\\%\\t%test:word%
# echo
"INFO\tstream\tplay\t2015-05-12\t10:56:27\t409963998\tclientip\t-\t3633\t3497\t0.081\t081808\t1\t0\t0\t0\t133581414\t2360.859\t081808\t-\trtmp\trtmp://host/app/\thttps://host1/script/player.swf\tapp\t1431442560"
| /usr/bin/lognormalizer -r tsv -e json -T
{"originalmsg":
"INFO\\tstream\\tplay\\t2015-05-12\\t10:56:27\\t409963998\\tclientip\\t-\\t3633\\t3497\\t0.081\\t081808\\t1\\t0\\t0\\t0\\t133581414\\t2360.859\\t081808\\t-\\trtmp\\trtmp://host/app/\\thttps://host1/script/player.swf\\tapp\\t1431442560",
"unparsed-data":
"INFO\\tstream\\tplay\\t2015-05-12\\t10:56:27\\t409963998\\tclientip\\t-\\t3633\\t3497\\t0.081\\t081808\\t1\\t0\\t0\\t0\\t133581414\\t2360.859\\t081808\\t-\\trtmp\\trtmp://host/app/\\thttps://host1/script/player.swf\\tapp\\t1431442560"}
[/code:34ayt007]
More information about the rsyslog-notify
mailing list