[syslog-ng] Use multiple templates for a single file?
Balazs Scheidler
bazsi at balabit.hu
Sat Mar 31 22:46:19 CEST 2012
On Fri, 2012-03-23 at 08:48 +0100, Mikkel Leth Carlsen wrote:
> Hi
>
> Is it somehow possible to apply multiple templates to a single
> destination/file? My current setup is something along the lines of:
>
> destination dst_foo_1 {
>     file("foo_1.log" template(template_foo_1));
> };
>
> destination dst_foo_2 {
>     file("foo_2.log" template(template_foo_2));
> };
>
> template template_foo_1 {
>     template("$A $B $C");
> };
>
> template template_foo_2 {
>     template("$D $E $F");
> };
>
> log {
>     source(src_udp);
>     filter(filter_condition_1);
>     parser(parser_foo);
>     destination(dst_foo_1);
>     flags(final);
> };
>
> log {
>     source(src_udp);
>     filter(filter_condition_2);
>     parser(parser_foo);
>     destination(dst_foo_2);
>     flags(final);
> };
>
> However, I would really like to write log into a single file – but
> with two different templates depending on the matched filter. Is that
> possible? I don’t suppose pointing both destinations to the same file
> would be wise?

With template functions you can do this within your template using
$(if)

template("$(if filter(filter_condition_1) '$A $B $C' '$D $E $F')");

Assuming that filter_condition_1 is false if filter_condition_2 is true.
If that's not the case it becomes slightly more complicated, needs an
embedded $(if):

template("$(if filter(filter_condition_1) '$A $B $C' $(if filter(filter_condition_2) '$D $E $F' 'unmatched'))");

For this I think you need 3.3.

--
Bazsi
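
The reply's first template dropped into the configuration from the question, as an added example (not part of the original thread and not syslog-ng project code): one destination writes the single file, and the template picks the layout per message. The names template_foo, dst_foo, filter_either and the path foo.log are hypothetical; src_udp, parser_foo and the two filters are the poster's existing objects and are not redefined here. It assumes, as the reply does, that the two filters never match the same message.

```conf
# Added example. template_foo, dst_foo, filter_either and "foo.log" are
# hypothetical names; src_udp, parser_foo, filter_condition_1 and
# filter_condition_2 are the objects already defined in the poster's config.

# One template: layout 1 when filter_condition_1 matches, layout 2 otherwise.
# Format strings are copied unchanged from the question.
template template_foo {
    template("$(if filter(filter_condition_1) '$A $B $C' '$D $E $F')");
};

# A single destination, so only one file() driver ever writes foo.log.
destination dst_foo {
    file("foo.log" template(template_foo));
};

# Accept a message if either of the original conditions matches; without
# this, messages matching neither filter would be written in layout 2.
filter filter_either {
    filter(filter_condition_1) or filter(filter_condition_2);
};

# Replaces the two original log paths.
log {
    source(src_udp);
    filter(filter_either);
    parser(parser_foo);
    destination(dst_foo);
    flags(final);
};
```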