Hi Anwar,

I am not sure what’s wrong with your extraprocessor, but I am pretty aware that my sample is working properly, as I tested it many times, and then publiced it.

Have in mind, that if you are using .csv as the output format, you need to define which fields will be printed in that output .csv file. By default, only a limited number of fields are printed, and these fields might not be what you want to see. Therefore, change .properties file, and choose fields that you are processing in your extraprocessor files.

Beside that, I cannot help you, as I am a little bit bussy, and do not have time. Sorry

Milan

Hi Marcony,

I am going through this sample project in my lab but i found that it is not working properly.

There are some logs which are not parsed by the parser. It creates event in .csv with real timestamp (not from log file) and not a single field is populated for this event.

I am using this method for different log format. However, in my case only first extraprocessor parser is considered by connector and whole file is parsed using that extraprocessor parser.

Is there any change that we have to do in agent.properties file, so that this issue can be solved.

Please give me proper solution ASAP!!!!!

Thanks Marcony for the good document, This explains extra processor technique simple and very clear. Great Job !!!!

Thanks Marcony, this is very useful....u did a very gr8 job..

This is useful. I am working on a slightly more complex one. It is a syslog subagent with extraprocessors. Search Answer ID 3589 in the knowledgebase for more on extra processors.

The issue I am having is in setting conditionvalues. It works fine for Strings but not for IP addresses, even when using the type conversion functions.

Anyone have a similar experience or can provide suggestions?