Based on the following structured syslog, I am trying to extract the reason from the SDATA portion of the log.
    2012-02-05T16:24:45.368 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="unset"]
The problem I think I am running into is that the value-pair I am trying to extract includes the dots, so the parser thinks it's nested information.
    destination d_mongodb {
        mongodb(
            value-pairs(
                scope("everything")
                key(".SDATA.junos@2636.1.1.1.2.36.reason")
            )
        );
    };
Thoughts? Any help is greatly appreciated.
Chris
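
The ambiguity described in the message above, as an added example that is not part of the original post or of syslog-ng: it parses the RFC 5424 structured-data element from the sample line, builds the flattened name used in the key() option, and compares the nested document produced when every dot is a separator with the one produced when the SD-ID is kept whole. The function names and the dot-splitting consumer are assumptions made for illustration.

```python
import re

# Constructed sample: the log line from the post, joined onto one line.
SAMPLE = ('2012-02-05T16:24:45.368 RT_FLOW - RT_FLOW_SESSION_CLOSE '
          '[junos@2636.1.1.1.2.36 reason="unset"]')

# RFC 5424 SD-ELEMENT: [SD-ID name="value" ...]; '"', '\' and ']' are
# backslash-escaped inside a value.
SD_ELEMENT = re.compile(r'\[([^\s=\]"]+)((?: [^\s=\]"]+="(?:\\.|[^"\\\]])*")*)\]')
SD_PARAM = re.compile(r' ([^\s=\]"]+)="((?:\\.|[^"\\\]])*)"')


def parse_sdata(line):
    """Return (sd_id, param_name, value) triples found in a log line."""
    triples = []
    for sd_id, params in SD_ELEMENT.findall(line):
        for name, raw in SD_PARAM.findall(params):
            triples.append((sd_id, name, re.sub(r'\\(["\\\]])', r'\1', raw)))
    return triples


def flat_name(sd_id, param):
    """Flattened name in the form used by the key() option in the post."""
    return '.SDATA.%s.%s' % (sd_id, param)


def naive_path(name):
    """Hypothetical consumer that treats every dot as a nesting level."""
    return name.lstrip('.').split('.')


def sd_aware_path(sd_id, param):
    """Path that keeps the dotted SD-ID together as a single component."""
    return ['SDATA', sd_id, param]


def nest(path, value):
    """Build the nested document that a given path produces."""
    doc = value
    for part in reversed(path):
        doc = {part: doc}
    return doc


if __name__ == '__main__':
    for sd_id, param, value in parse_sdata(SAMPLE):
        name = flat_name(sd_id, param)
        print(name)
        print('naive   :', nest(naive_path(name), value))
        print('SD-aware:', nest(sd_aware_path(sd_id, param), value))
```

With the sample line, the dot-splitting path has eight levels (SDATA, junos@2636, 1, 1, 1, 2, 36, reason), while the SD-aware path has three.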