[syslog-ng] group-by() send all messages to destination() ?
Fabien Wernli
wernli at in2p3.fr
Wed Oct 2 07:40:21 UTC 2019
Hi Jason,
You can use the `$(context-length)` function to get the first
message, but that won't help you as you can't (AFAIK) loop through the
backref index. What you might be able to do is use the `$(grep)` function
maybe it's possible to make it return all matches ?
If grouping-by() can't do it, patterndb does: it allows for using the
`value` parameter (as in `aggregate()`) for every matching message in the
context, not only in the last one. Thus you can concatenate the values of a
macro, e.g. in order to collect all `HOST` macros in a given context.
I'd open a github issue in order to allow for using `value` in every message
matching the context, which sounds like a very useful addition to me.
cheers
More information about the syslog-ng
mailing list