hi
i have difficulties to understandand whats exacty do the field DEST_KEY and FORMAT on my host in stanza 1 and FORMAT in stanza 2
I have read the documentation but.....
Thanks in advance
[rfc5424_host]
DEST_KEY = MetaData:Host
REGEX = <\d+>\d{1}\s{1}\S+\s{1}(\S+)
FORMAT = host::$1
[host_as_src]
SOURCE_KEY = host
REGEX = (.+)
FORMAT = src::"$1
Hi
in 1st case DEST_KEY define that value of REGEX (inside()) will put into host field. That seems to be a host value in syslog feed, based on your REGEX.
In 2nd example, I think that you have additional “ on your stanza? Basically it take host field and copy it’s content to src field.
r. Ismo
Hi
in 1st case DEST_KEY define that value of REGEX (inside()) will put into host field. That seems to be a host value in syslog feed, based on your REGEX.
In 2nd example, I think that you have additional “ on your stanza? Basically it take host field and copy it’s content to src field.
r. Ismo