Need help with line-breaking app.log

ani3223 — Wed, 18 Sep 2019 14:07:40 GMT

Have a feed coming in from App.logs, which I can't get to line-break properly.

Props.conf

[mq_error_logs]
CHARSET=UTF-8
MAX_TIMESTAMP_LOOKAHEAD=30
SHOULD_LINEMERGE=true
TIME_PREFIX=^
category=Application
disabled=false
pulldown_type=true
TIME_FORMAT= %m/%d/%Y %T
BREAK_ONLY_BEFORE_DATE = true

Actual result should look like this

Sample output breaks this:

9/18/2019 08:23:40 - Process(3504.7) User(MQSeriesQM) Program(amqbob0.exe)
Host(BOB002) Installation(Installation1)
VRMF(9.1.0.2) QMgr(BOB1QM)
Time(2019-09-18T13:23:40.175Z)
CommentInsert1(BOB1QM)
CommentInsert2(S0002430.LOG)

AMQ7467I: The oldest log file required to start queue manager BOB1QM is
S0002430.LOG.
EXPLANATION:
The log file S0002430.LOG contains the oldest log record required to restart
the queue manager. Log records older than this may be required for media
recovery.
ACTION:
You can move log files older than S0002430.LOG to an archive medium to release
space in the log directory. If you move any of the log files required to
recreate objects from their media images, you will have to restore them to
recreate the objects. An older log file is one with a numerically smaller log
number (but allowing for log number wrapping at 9999999).
----- amqBOBp0.c : 586 --------------------------------------------------------

But ending with this

into two sections:
Section1
9/18/2019 08:23:40 - Process(3504.7) User(MQSeriesQM) Program(amqbob0.exe)
Host(BOB002) Installation(Installation1)
VRMF(9.1.0.2) QMgr(BOB1QM)

Section2
Time(2019-09-18T13:23:40.175Z)
CommentInsert1(BOB1QM)
CommentInsert2(S0002430.LOG)

AM**67I: The oldest log file required to start queue manager BOB1QM is
S0002430.LOG.
EXPLANATION:
The log file S0002430.LOG contains the oldest log record required to restart
the queue manager. Log records older than this may be required for media
recovery.
ACTION:
You can move log files older than S0002430.LOG to an archive medium to release
space in the log directory. If you move any of the log files required to
recreate objects from their media images, you will have to restore them to
recreate the objects. An older log file is one with a numerically smaller log
number (but allowing for log number wrapping at 9999999).
----- amqBOBp0.c : 586 --------------------------------------------------------

Re: Need help with line-breaking app.log

richgalloway — Wed, 18 Sep 2019 14:27:04 GMT

Do the raw events arrive in multiple lines or a single line? Can you share raw data?

Re: Need help with line-breaking app.log

ani3223 — Wed, 18 Sep 2019 14:51:05 GMT

Yes, raw events arrive in multiple lines

Re: Need help with line-breaking app.log

zacharychristen — Wed, 18 Sep 2019 20:06:29 GMT

Use line breaker and also set should_linemerge set to false.

Like this:

[mq_error_logs]
CHARSET = UTF-8
category = Application
disabled = false
pulldown_type = true
TIME_PREFIX = ^
TIME_FORMAT = %m/%d/%Y %T
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)(\d+\/\d+\/\d+\s+\d+\:\d+\:\d+)
MAX_TIMESTAMP_LOOKAHEAD = 20

topic Re: Need help with line-breaking app.log in Getting Data In

Need help with line-breaking app.log

Re: Need help with line-breaking app.log

Re: Need help with line-breaking app.log

Re: Need help with line-breaking app.log