This is an example of the machregex run screen.
This is a test that parses Syslog data into machregex using regular expressions.
In the above example, machregex parses the syslog text file into the given regular expression and splits it into six tokens. To use 0, 4, or 5 of these tokens as database input, use the COL_LIST variable in the template file to associate the token with the database column.
Example of Creating Custom Template
In this chapter, we will use a sample text log file to create a collector template that collects data from this file.
The input sample text file looks like this:
The above sample file can be converted into three columns: tm, user, and msg. The data type of each column can be specified as datetime, varchar (16), varchar (512).
Example of Creating Regular Expression
Creating Regular Expression
\[([0-9-: ]+)\]: First, date data enclosed in square brackets comes in. The following expressions are used to retrieve only the numeric values inside the tokens except for the square brackets.
(\S+): Second, user name data comes in, and strings excluding blanks are input.
([^\0]*): Third, string is entered to the end.
\[([0-9-: ]+)\]\s(\S+)\s+([^\0]*): Combines the space between the three tokens.
"\\[([0-9-: ]+)\\]\\s(\\S+)\\s+([^\\0]*)": Processes double slashing to use strings in the shell.
"^\\[": New line regular expression is a square bracket at the beginning of time.
Checking Regular Expression
After checking that the generated regular expression is parsed normally through the above process, if there is no problem in parsing, write rgx file for regular expression and column binding as follows. This file is written in
$MACHBASE_HOME/collector/custom.tpl is copied to the
$MACHBASE_HOME/collector/test.tpl name and modifies the file as follows:
Create a "myclt" collector and run it.
TESTTABLE was not created to record the input data.
Writes the error of the collector to the trace file and generates trace file to solve the error. Execute the following command to create a trace file.
Problem Detection/Resolution Through Trace Log
If there is an error when running the Collector, you can look for the
$MACHBASE_HOME/trc/machbase.trc file and look for database execution errors. If an error occurs in the collector, you must run collector in TRACE mode.
Looking at the above message, the table creation query failed because the user set to the column name is not a built-in keyword and can not be used as a column name. Therefore, in the COL_LIST section of the rgx file, change the user column to myuser and run the collector again.
Rerun it with the modified rgx file.
If executed normally, the collector can query the contents of the table in which the data is stored.