-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathextractor-nsxedge.json
74 lines (74 loc) · 1.84 KB
/
extractor-nsxedge.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
{
"extractors": [
{
"title": "nsxedge_get_json",
"extractor_type": "json",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"list_separator": ", ",
"kv_separator": "=",
"key_prefix": "nsxedge_",
"key_separator": "_",
"replace_key_whitespace": false,
"key_whitespace_replacement": "_"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "nsxegde_text_grok",
"extractor_type": "grok",
"converters": [],
"order": 1,
"cursor_strategy": "copy",
"source_field": "nsxedge_text",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{NSXEDGE_SYSLOG}",
"named_captures_only": true
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "timestamp_from_iso",
"extractor_type": "copy_input",
"converters": [
{
"type": "date",
"config": {
"date_format": "yyyy-MM-dd'T'HH:mm:ss.SSS",
"time_zone": "UTC",
"locale": "und"
}
}
],
"order": 2,
"cursor_strategy": "copy",
"source_field": "nsxedge_timestamp_iso",
"target_field": "timestamp",
"extractor_config": {},
"condition_type": "none",
"condition_value": ""
},
{
"title": "nsxedge_message_grok",
"extractor_type": "grok",
"converters": [],
"order": 9,
"cursor_strategy": "copy",
"source_field": "nsxedge_message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{NSXEDGE_INET}",
"named_captures_only": true
},
"condition_type": "none",
"condition_value": ""
}
]
}