FlexConnector Error : Regex file for handling long message

Hi All,

I tried to create a Regex configuration for the below event.

"2014-02-12 10:35:11,258  ; UserId:26; Message:Alert BPM Alert (id: d800120df270de4543f2163ebc44c5e8) was updated with these details:

Trigger Condition:Send the alert if transactions fail  or transactions response time is greater than 10 seconds  or transactions response time relative to configured thresholds is as specified  when trigger conditions occur even once."

For the above event I declared three tokens, and below is the config file. When I run the standalone application,

But in my CEF output file, I am getting three logs. This means the Message information is split into two more logs, as below.


1. Message:Alert BPM Alert (id: d800120df270de4543f2163ebc44c5e8) was updated with these details:

2. Trigger Condition:Send the alert if transactions fail

3. or transactions response time is greater than 10 seconds

4. or transactions response time relative to configured thresholds is as specified  when trigger conditions occur even once.


Below is my Regex file. Please advise if there is anything I need to change.

# FlexAgent Regex Configuration File

do.unparsed.events=true

regex=(\\d+\\-\\d+\\-\\d+ \\d\\d\:\\d\\d\:\\d\\d,\\d+)  ; UserId\:(\\d+); (.*)\\.

token.count=3

token[0].name=Time_Of_Event

token[0].type=TimeStamp

token[0].format=yyyy-MM-dd HH\:mm\:ss,SSS

token[1].name=UserId

token[1].type=String

token[2].name=Message

token[2].type=String

#submessage.messageid.token=

#submessage.token=

event.name=Message

event.deviceReceiptTime=Time_Of_Event

event.sourceUserId=UserId

#l10n.filename.prefix=

Thanks

Jayakrishnan

  • Hi Karthi,

    I used the below two lines.

    multiline.starts.regex=\\d+\\-\\d+\\-\\d+ \\d\\d\:\\d\\d\:\\d\\d,\\d+(.*)

    regex=(\\d+\\-\\d+\\-\\d+ \\d\\d\:\\d\\d\:\\d\\d,\\d+)\\s+;\\s+UserId\\\:(\\d+)\\;\\s+(.*\\s+.*)

    It works perfectly for my original log file, which has multi-line events and tab spaces in between.

    Thanks a lot for your advice,

    Jayakrishnan
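
An added illustration (not part of the thread, and not the connector's own code) of why matching one physical line at a time fragments the event from the question, and what a start-of-event pattern changes. It uses Python `re` syntax rather than the properties-file escaping; the sample log is constructed from the event in the question, and joining continuation lines with a newline is an assumption.

```python
import re

# Constructed sample modelled on the event in the question: one logical event
# spread over several physical lines, then a second single-line event.
SAMPLE_LOG = (
    "2014-02-12 10:35:11,258  ; UserId:26; Message:Alert BPM Alert "
    "(id: d800120df270de4543f2163ebc44c5e8) was updated with these details:\n"
    "\n"
    "Trigger Condition:Send the alert if transactions fail\n"
    "\tor transactions response time is greater than 10 seconds\n"
    "\twhen trigger conditions occur even once.\n"
    "2014-02-12 10:36:02,004  ; UserId:31; Message:Alert saved.\n"
)

# A physical line that opens with the timestamp begins a new event.
EVENT_START = re.compile(r"\d+-\d+-\d+ \d\d:\d\d:\d\d,\d+")
# Token regex for a whole event; DOTALL lets the last group span newlines/tabs.
EVENT = re.compile(
    r"(\d+-\d+-\d+ \d\d:\d\d:\d\d,\d+)\s+;\s+UserId:(\d+);\s+(.*)", re.DOTALL)

def group_events(text):
    """Attach continuation lines to the most recent timestamped line."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue                      # blank lines carry no content
        if EVENT_START.match(line) or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line     # assumed join character
    return events

def parse(record):
    """Return (time, user_id, message), or None when the record is unparsed."""
    m = EVENT.fullmatch(record)
    if not m:
        return None
    time, user_id, message = m.groups()
    # Collapse inner whitespace so the message fits a single output field.
    return time, user_id, " ".join(message.split())

def per_line(text):
    """Line-at-a-time parsing: continuation lines come out unparsed."""
    return [parse(l) for l in text.splitlines() if l.strip()]

def per_event(text):
    """Parsing after regrouping on the start-of-event pattern."""
    return [parse(e) for e in group_events(text)]
```

For security monitoring the grouped form matters because the trigger condition stays attached to the timestamp and UserId of the change, instead of arriving as separate unparsed events with no user attribution.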
