[syslog-ng] patterndb and context - access fields from initial message
Balazs Scheidler
bazsi77 at gmail.com
Wed Jul 9 00:42:44 CEST 2014
I think we should rather use a template function that operates on the
entire context. I wouldn't use indexing any further than we have now,
unless there's a very specific usecase. In the current one, the issue is
that we don't know how many messages there are, If I understand correctly.
On Tue, Jul 8, 2014 at 6:02 PM, Tusa Viktor <tusavik at gmail.com> wrote:
> Hi!
>
> I think, the negative notation could solve this situation eg.: $MACRO at -N
> would mean the first Nth message in the context and not the last Nth. I
> checked the code and it is not terrible hard to implement. I can make a PoC
> for you in the next week, if you would like to test it.
>
> Regards,
> Viktor
>
>
> On Tue, Jul 8, 2014 at 11:54 AM, Fabien Wernli <wernli at in2p3.fr> wrote:
>
>> Hi,
>>
>> I'm AFK for a while but did you check out the `grep` template function?
>>
>> Cheers
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
--
Bazsi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20140709/b45ef337/attachment.htm
More information about the syslog-ng
mailing list