Hello Guru,
I would like to do "log to metric" on unstructured data. Let's say the data is "access_combined.log".
I would like to extract the last 3 digits as "code" file name.
On FW,

inputs.conf

[monitor:///home/ec2-user/access_combined.log]
index = metric_test
sourcetype = metric_access

props.conf

[metric_access]
TRANSFORMS-metricname = metric_name
TRANSFORMS-metricvalue = metric_value
METRIC-SCHEMA-TRANSFORMS = metric-schema:extract_metrics

transforms.conf

[metric_name]
REGEX = (.*)
FORMAT = $1 metric_name::code
WRITE_META = true

[metric_value]
REGEX = (\d+)$
FORMAT = _value::$1
WRITE_META = true

[metric-schema:extract_metrics]
METRIC-SCHEMA-MEASURES-queue = _ALLNUMS_

What's wrong with this?