[rsyslog-notify] Forum Thread: Re: TSV data into mongodb - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Tue May 12 22:13:14 CEST 2015
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25576#p25576
Message:
----------
tokenized is probably newer than the version that you're running
[code:ujzb49jp]
# echo
"INFO,stream,play,2015-05-12,13:10:35,1383311350,clientip,-,3633,3497,0.084,081808,1,0,0,0,133581414,2360.859,081808,-,rtmp,rtmp://host/app/,https://host1/script/player.swf,app,1431450624"
|/usr/lib/lognorm/lognormalizer -r del5 -e json -T
{ "r4":
"2015-05-12,13:10:35,1383311350,clientip,-,3633,3497,0.084,081808,1,0,0,0,133581414,2360.859,081808,-,rtmp,rtmp:\/\/host\/app\/,https:\/\/host1\/script\/player.swf,app,1431450624",
"r3": "play", "r2": "stream", "r1": "INFO",
"event.tags": [ "csv" ] }
# cat del5
rule=csv:%r1:char-to:,%,%r2:char-to:,%,%r3:char-to:,%,%r4:rest%
# echo
"INFO,stream,play,2015-05-12,13:10:35,1383311350,clientip,-,3633,3497,0.084,081808,1,0,0,0,133581414,2360.859,081808,-,rtmp,rtmp://host/app/,https://host1/script/player.swf,app,1431450624"
|/usr/lib/lognorm/lognormalizer -r del5 -e json -T
{ "r4": "1431450624", "r1": [ "INFO", "stream", "play",
"2015-05-12", "13:10:35", "1383311350", "clientip", "-", "3633",
"3497", "0.084", "081808", "1", "0", "0", "0", "133581414",
"2360.859", "081808", "-", "rtmp", "rtmp:\/\/host\/app\/",
"https:\/\/host1\/script\/player.swf", "app" ],
"event.tags": [ "csv" ] }
# cat del5
rule=csv:%r1:tokenized:,:char-to:,%,%r4:rest%
[/code:ujzb49jp]
If you know how many fields there are (or even better, know names for the
fields), your approach of multiple fields listed separately is the best
approach.
More information about the rsyslog-notify
mailing list