Solved: How to configure props.conf and transforms.conf to...

Norling80 · ‎03-05-2015

Hi guys.

I have a JBoss ServerLog that contains events with the following LogLevels:
INFO
WARNING
ERROR
SEVERE

I don't want to index events with LogLevel=INFO, how should my props.conf and transforms.conf look like?

gfuente · ‎03-05-2015

Thanks

Then you can use this config:

props.conf:

[yourjbosssourcetype]
 TRANSFORMS-info=eliminate-info

transforms.conf

[eliminate-info]
 REGEX=\d*\sINFO\s\[
 DEST_KEY=queue
 FORMAT=nullQueue

Regards

gfuente · ‎03-05-2015

Thanks

Then you can use this config:

props.conf:

[yourjbosssourcetype]
 TRANSFORMS-info=eliminate-info

transforms.conf

[eliminate-info]
 REGEX=\d*\sINFO\s\[
 DEST_KEY=queue
 FORMAT=nullQueue

Regards

Norling80 · ‎03-05-2015

Worked like a charm, with a minor update to the regex:

REGEX=\d*\sINFO\s+\[

Thanks you very much!

gfuente · ‎03-05-2015

Is would be useful if you add some sample events, as is needed to define a regex to filter out those events

regards

Norling80 · ‎03-05-2015

Sure, here you go. LogLevels in bold:

2015-03-05 09:49:45,994 +0100 INFO org.apache.cxf.services.ServerService.ServerPort.Server Inbound Message
2015-03-05 09:49:45,227 +0100 INFO LOG_gamings.system.GameServlet Redirecting the request from Game : gamename_mobile_html_sw to new game flow
2015-03-05 06:35:14,808 +0100 ERROR org.jboss.as.ejb3 javax.ejb.EJBTransactionRolledbackException:

ppablo · ‎03-05-2015

Hi @Norling80

Just wanted to follow up and see if @gfuente's answer below solved your question. If yes, don't forget to accept his answer and upvote it. Thanks!

Patrick

How to configure props.conf and transforms.conf to filter events with LogLevel=INFO to nullQueue?