rsyslog/rsyslog
1
0
Fork 0
mirror of https://github.com/rsyslog/rsyslog.git synced 2025-12-19 10:20:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
rsyslog/contrib/mmgrok
History
Michael Biebl 6569133c75
Typo fixes (#4801) 
* typo fix: ambigious -> ambiguous

* typo fix: aquire -> acquire

* typo fix: assgined -> assigned

* typo fix: cancelation -> cancellation

* typo fix: childs -> children

* typo fix: configuraton -> configuration

* typo fix: delemiter -> delimiter

* typo fix: forwardig -> forwarding

* typo fix: initializiation -> initialization

* typo fix: intializing -> initializing

* typo fix: lengh -> length

* typo fix: mesage -> message

* typo fix: occured -> occurred

* typo fix: occurence -> occurrence

* typo fix: paramter -> parameter

* typo fix: remaing -> remaining

* typo fix: resetted -> reset

* typo fix: suppored -> supported

* typo fix: Sytem -> System

* typo fix: uncommited -> uncommitted

* typo fix: depricated -> deprecated

* typo fix: stoping -> stopping

* type fix: allow to -> allow one to
2022-02-17 10:54:12 +01:00
..
Makefile.am
cosmetic: build system still used JSON_C name
2017-05-16 11:05:57 +02:00
mmgrok.c
Typo fixes (#4801)
2022-02-17 10:54:12 +01:00
README
fix spelling errors in text files
2019-12-26 17:37:14 +01:00

README

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Grok Message Modify Plugin

Using hundreds of grok patterns from logstash-patterns-core.

Build

This plugin requires libfastjson (always present in rsyslog core), glib2, and grok packages.

If you use RH/CentOS/Fedora, you'll have to build grok rpms by yourself as follow:

    sudo yum install -y yum-utils rpmdevtools
    git clone git@github.com:jordansissel/grok.git
    mkdir -p ~/rpmbuild/SPECS/; cp grok/grok.spec.template ~/rpmbuild/SPECS/grok.spec
    (mkdir -p ~/rpmbuild/SOURCES/; cd ~/rpmbuild/SOURCES/; spectool -g ../SPECS/grok.spec)
    sudo yum-builddep ~/rpmbuild/SPECS/grok.spec
    rpmbuild -bb ~/rpmbuild/SPECS/grok.spec
    # use yum command instead of rpm, because grok depends on libevent, pcre, tokyocabinet
    sudo yum install -y libjson-c-devel glib2-devel ~/rpmbuild/RPMS/x86_64/grok*.rpm

Example

module(load="mmgrok")
template(name="tmlp" type="string" string="%$!msg!test%\n")
action(type="mmgrok" patterndir="path/to/yourpatternsDir" match="%{WORD:test}" source="msg" target="!msg")
action(type="omfile"  file="path/to/file" template="tmlp")

Description

patterndir: path to grok patterns dir, default: /usr/share/grok/patterns/base
matchthe pattern used to match message
source: the source message/variable to be matched
target: the root path to write the captured json tree