Return to
Portfolio

25.8. Filtering Messages

Message filtering is a process where only some of the received messages are kept. Filtering is possible using regular expressions or other operators using any of the fields.

Use the drop() procedure in an Exec directive to conditionally discard messages.

Example 92. Using drop() to Discard Unmatching Messages

In this example, any line that matches neither of the two regular expressions will be discarded with the drop() procedure. Only lines that match at least one of the regular expressions will be kept.

nxlog.conf [Download file]

  
1
2
3
4
5
6
7
8
9
10
11
12
13
14


  
<Input file>
    Module  im_file
    File    "/var/log/myapp/*.log"
    Exec    if not ($raw_event =~ /failed/ or $raw_event =~ /error/) drop();
</Input>

<Output out>
    Module  om_file
    File    "/var/log/myapp/errors.txt"
</Output>

<Route r>
    Path    file => out
</Route>

← Previous: Extracting Data | ↑ Up: Processing Logs | ⌂ Home: NXLog User Guide | Next: Format Conversion →