Need information on this.I am using the CSV-PARSER and I want to put a condition that if a column is empty do not apply the CSV-PARSER but write the line. Primarily i get the application logs and i dont want to apply the CSV-Parser on those log lines where the whole error stack is there. Can someone help on this?? -- Kaladhar
Use two log statements, with filters that control whether a specific message us to be parsed or not. On Mar 31, 2014 8:49 PM, "Justin B" <justinkala@gmail.com> wrote:
Need information on this.I am using the CSV-PARSER and I want to put a condition that if a column is empty do not apply the CSV-PARSER but write the line. Primarily i get the application logs and i dont want to apply the CSV-Parser on those log lines where the whole error stack is there. Can someone help on this??
-- Kaladhar
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi can the template function in indent-multi-line be used on custom macros (macros i defined using a delimiter on the Apache logs. I see this example in Admin Guide: Example 11.6. Using the indent-multi-line template function The following example writes multi-line messages into a text file. destination d_file { file ("/var/log/messages" template("${ISODATE} ${HOST} $(indent-multi-line ${MESSAGE})\n") ); }; But I want to apply on the custom macros not like the $MESSAGE given in the example Thanks Kaladhar On Mon, Mar 31, 2014 at 5:34 PM, Balazs Scheidler <bazsi77@gmail.com> wrote:
Use two log statements, with filters that control whether a specific message us to be parsed or not. On Mar 31, 2014 8:49 PM, "Justin B" <justinkala@gmail.com> wrote:
Need information on this.I am using the CSV-PARSER and I want to put a condition that if a column is empty do not apply the CSV-PARSER but write the line. Primarily i get the application logs and i dont want to apply the CSV-Parser on those log lines where the whole error stack is there. Can someone help on this??
-- Kaladhar
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Kaladhar
Primarily what I am trying to achieve is I apply CSV-PARSER on the apache logs and separate into custom macros .One of the column contains the Application supplied message which might contain the whole error stack. i want those error stack lines not to be parsed by CSV-PARSER but left overas it is. Can you provide the Example as well. Thank you and highly appreciate your help On Tue, Apr 1, 2014 at 2:10 PM, Justin B <justinkala@gmail.com> wrote:
Hi
can the template function in indent-multi-line be used on custom macros (macros i defined using a delimiter on the Apache logs. I see this example in Admin Guide: Example 11.6. Using the indent-multi-line template function
The following example writes multi-line messages into a text file.
destination d_file { file ("/var/log/messages" template("${ISODATE} ${HOST} $(indent-multi-line ${MESSAGE})\n") ); };
But I want to apply on the custom macros not like the $MESSAGE given in the example
Thanks Kaladhar
On Mon, Mar 31, 2014 at 5:34 PM, Balazs Scheidler <bazsi77@gmail.com>wrote:
Use two log statements, with filters that control whether a specific message us to be parsed or not. On Mar 31, 2014 8:49 PM, "Justin B" <justinkala@gmail.com> wrote:
Need information on this.I am using the CSV-PARSER and I want to put a condition that if a column is empty do not apply the CSV-PARSER but write the line. Primarily i get the application logs and i dont want to apply the CSV-Parser on those log lines where the whole error stack is there. Can someone help on this??
-- Kaladhar
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Kaladhar
-- Kaladhar
Any idea on what to do with this.After parsing I see that the error stack or the exception lines in the application message is not logged Highly appreciate your help On Tue, Apr 1, 2014 at 2:13 PM, Justin B <justinkala@gmail.com> wrote:
Primarily what I am trying to achieve is I apply CSV-PARSER on the apache logs and separate into custom macros .One of the column contains the Application supplied message which might contain the whole error stack. i want those error stack lines not to be parsed by CSV-PARSER but left overas it is.
Can you provide the Example as well. Thank you and highly appreciate your help
On Tue, Apr 1, 2014 at 2:10 PM, Justin B <justinkala@gmail.com> wrote:
Hi
can the template function in indent-multi-line be used on custom macros (macros i defined using a delimiter on the Apache logs. I see this example in Admin Guide: Example 11.6. Using the indent-multi-line template function
The following example writes multi-line messages into a text file.
destination d_file { file ("/var/log/messages" template("${ISODATE} ${HOST} $(indent-multi-line ${MESSAGE})\n") ); };
But I want to apply on the custom macros not like the $MESSAGE given in the example
Thanks Kaladhar
On Mon, Mar 31, 2014 at 5:34 PM, Balazs Scheidler <bazsi77@gmail.com>wrote:
Use two log statements, with filters that control whether a specific message us to be parsed or not. On Mar 31, 2014 8:49 PM, "Justin B" <justinkala@gmail.com> wrote:
Need information on this.I am using the CSV-PARSER and I want to put a condition that if a column is empty do not apply the CSV-PARSER but write the line. Primarily i get the application logs and i dont want to apply the CSV-Parser on those log lines where the whole error stack is there. Can someone help on this??
-- Kaladhar
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Kaladhar
-- Kaladhar
-- Kaladhar
Well, you should extract the csv fields first, and then have that parsed via csvparser. On Apr 1, 2014 8:13 PM, "Justin B" <justinkala@gmail.com> wrote:
Primarily what I am trying to achieve is I apply CSV-PARSER on the apache logs and separate into custom macros .One of the column contains the Application supplied message which might contain the whole error stack. i want those error stack lines not to be parsed by CSV-PARSER but left overas it is.
Can you provide the Example as well. Thank you and highly appreciate your help
On Tue, Apr 1, 2014 at 2:10 PM, Justin B <justinkala@gmail.com> wrote:
Hi
can the template function in indent-multi-line be used on custom macros (macros i defined using a delimiter on the Apache logs. I see this example in Admin Guide: Example 11.6. Using the indent-multi-line template function
The following example writes multi-line messages into a text file.
destination d_file { file ("/var/log/messages" template("${ISODATE} ${HOST} $(indent-multi-line ${MESSAGE})\n") ); };
But I want to apply on the custom macros not like the $MESSAGE given in the example
Thanks Kaladhar
On Mon, Mar 31, 2014 at 5:34 PM, Balazs Scheidler <bazsi77@gmail.com>wrote:
Use two log statements, with filters that control whether a specific message us to be parsed or not. On Mar 31, 2014 8:49 PM, "Justin B" <justinkala@gmail.com> wrote:
Need information on this.I am using the CSV-PARSER and I want to put a condition that if a column is empty do not apply the CSV-PARSER but write the line. Primarily i get the application logs and i dont want to apply the CSV-Parser on those log lines where the whole error stack is there. Can someone help on this??
-- Kaladhar
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Kaladhar
-- Kaladhar
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (2)
-
Balazs Scheidler
-
Justin B