1- # VMWare-ESXi, version 3.0.0
1+ # VMWare-ESXi, version 3.0.1
22#
33# Based on docs and real logs provided
44# Support VMWare-ESXi log
@@ -48,6 +48,33 @@ pipeline:
4848 pattern : ' \[{{.data}}\]:'
4949 - fieldName : log.message
5050 pattern : ' {{.greedy}}'
51+
52+ - grok :
53+ patterns :
54+ - fieldName : log.priority
55+ pattern : ' \<{{.data}}\>'
56+ - fieldName : log.deviceTime
57+ pattern : ' {{.year}}-{{.monthNumber}}-{{.monthDay}}T{{.time}}Z'
58+ - fieldName : origin.hostname
59+ pattern : ' {{.hostname}}'
60+ - fieldName : log.process
61+ pattern : ' {{.hostname}}'
62+ - fieldName : log.pid
63+ pattern : ' \[{{.data}}\]:'
64+ - fieldName : log.originIdComponent
65+ pattern : ' \[{{.data}}\]'
66+ - fieldName : log.message
67+ pattern : ' {{.greedy}}'
68+
69+ - grok :
70+ patterns :
71+ - fieldName : log.moduleIdentifier
72+ pattern : ' \[{{.data}}\@'
73+ - fieldName : log.irrelevant
74+ pattern : ' {{.data}}\='
75+ - fieldName : log.subModuleIdentifier
76+ pattern : ' {{.word}}\]'
77+ source : log.originIdComponent
5178
5279 # Removing unused caracters
5380 - trim :
@@ -61,6 +88,12 @@ pipeline:
6188 fields :
6289 - log.pid
6390 - log.eventInfo
91+ - log.moduleIdentifier
92+ - trim :
93+ function : prefix
94+ substring : ' -'
95+ fields :
96+ - log.message
6497 - trim :
6598 function : suffix
6699 substring : ' >'
@@ -78,8 +111,20 @@ pipeline:
78111 fields :
79112 - log.pid
80113 - log.eventInfo
114+ - log.subModuleIdentifier
115+ - trim :
116+ function : suffix
117+ substring : ' -'
118+ fields :
119+ - log.message
120+ - trim :
121+ function : suffix
122+ substring : ' @'
123+ fields :
124+ - log.moduleIdentifier
81125
82126 # Removing unused fields
83127 - delete :
84128 fields :
85- - log.processName
129+ - log.processName
130+ - log.irrelevant
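Review bot: In the added grok step that reads from `log.originIdComponent`, `log.subModuleIdentifier` is matched with `' {{.word}}\]'`, which anchors on the closing bracket, so it presumably captures the last value in the bracketed block rather than the one after the first `=`. If a log line carries more than one `key=value` pair there, or a value with characters outside `{{.word}}` (dots, quotes), the field would hold a different parameter's value or the step would not match at all, and rules keyed on `log.subModuleIdentifier` would miss those events without any error. The definitions of `{{.data}}` and `{{.word}}` are not visible on this page, so this needs confirming against real samples with several parameters. I would also add a comment above each new grok step naming the layout it targets, e.g. `# Bracketed block: [<module>@<id> <key>=<value>]`, so the intent of `log.irrelevant` is clear before it is deleted. The `pipeline:` block starts and ends outside the visible hunks.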