1- # CISCO Switch filter, version 3.0.0
1+ # CISCO Switch filter, version 3.0.1
22# Based on https://www.cisco.com/c/en/us/support/ios-nx-os-software/index.html
33# and https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/17_xe/syslogs/17-15-x/b-system-message-guide-17-15-x.html
44# Support CISCO IOS from 15 SY to IOS XE v17
@@ -52,12 +52,7 @@ pipeline:
5252 - fieldName : log.ciscoMsg
5353 pattern : ' {{.greedy}}'
5454 source : log.msg
55- where :
56- variables :
57- - get : log.msg
58- as : msg
59- ofType : string
60- expression : ' (msg.contains("-MSG:SLOT") == false) && (msg.contains("-MSG: SLOT") == false)'
55+ where : ' (log.msg.contains("-MSG:SLOT") == false) && (log.msg.contains("-MSG: SLOT") == false)'
6156 # Extracting subfacility if present
6257 - grok :
6358 patterns :
@@ -66,12 +61,7 @@ pipeline:
6661 - fieldName : log.severity
6762 pattern : ' {{.integer}}'
6863 source : log.severity
69- where :
70- variables :
71- - get : log.msg
72- as : msg
73- ofType : string
74- expression : ' (msg.contains("-MSG:SLOT") == false) && (msg.contains("-MSG: SLOT") == false)'
64+ where : ' (log.msg.contains("-MSG:SLOT") == false) && (log.msg.contains("-MSG: SLOT") == false)'
7565 # --------------------------
7666 # Variant -> %CARD-SEVERITY-MSG:SLOT %FACILITY-SEVERITY-MNEMONIC: Message-text
7767 - grok :
@@ -89,24 +79,14 @@ pipeline:
8979 - fieldName : log.ciscoMsg
9080 pattern : ' {{.greedy}}'
9181 source : log.msg
92- where :
93- variables :
94- - get : log.msg
95- as : msg
96- ofType : string
97- expression : ' msg.contains("-MSG:SLOT") || msg.contains("-MSG: SLOT")'
82+ where : ' log.msg.contains("-MSG:SLOT") || log.msg.contains("-MSG: SLOT")'
9883
9984 - trim :
10085 function : prefix
10186 substring : ' %'
10287 fields :
10388 - log.tmpFacilityMnemonic
104- where :
105- variables :
106- - get : log.msg
107- as : msg
108- ofType : string
109- expression : ' msg.contains("-MSG:SLOT") || msg.contains("-MSG: SLOT")'
89+ where : ' log.msg.contains("-MSG:SLOT") || log.msg.contains("-MSG: SLOT")'
11090 # %FACILITY-SEVERITY-MNEMONIC
11191 - grok :
11292 patterns :
@@ -117,12 +97,7 @@ pipeline:
11797 - fieldName : log.facilityMnemonic
11898 pattern : ' {{.data}}\:'
11999 source : log.tmpFacilityMnemonic
120- where :
121- variables :
122- - get : log.msg
123- as : msg
124- ofType : string
125- expression : ' msg.contains("-MSG:SLOT") || msg.contains("-MSG: SLOT")'
100+ where : ' log.msg.contains("-MSG:SLOT") || log.msg.contains("-MSG: SLOT")'
126101 # Extracting subfacility if present
127102 - grok :
128103 patterns :
@@ -131,12 +106,7 @@ pipeline:
131106 - fieldName : log.severity
132107 pattern : ' {{.integer}}'
133108 source : log.severity
134- where :
135- variables :
136- - get : log.msg
137- as : msg
138- ofType : string
139- expression : ' msg.contains("-MSG:SLOT") || msg.contains("-MSG: SLOT")'
109+ where : ' log.msg.contains("-MSG:SLOT") || log.msg.contains("-MSG: SLOT")'
140110
141111 # Cleaning common fields
142112 - trim :
@@ -169,34 +139,19 @@ pipeline:
169139 params :
170140 key : severity
171141 value : ' high'
172- where :
173- variables :
174- - get : log.severity
175- as : sev
176- ofType : string
177- expression : sev=="0" || sev=="1" || sev=="2" || sev=="3"
142+ where : log.severity=="0" || log.severity=="1" || log.severity=="2" || log.severity=="3"
178143 - add :
179144 function : ' string'
180145 params :
181146 key : severity
182147 value : ' medium'
183- where :
184- variables :
185- - get : log.severity
186- as : sev
187- ofType : string
188- expression : sev=="4"
148+ where : log.severity=="4"
189149 - add :
190150 function : ' string'
191151 params :
192152 key : severity
193153 value : ' low'
194- where :
195- variables :
196- - get : log.severity
197- as : sev
198- ofType : string
199- expression : sev=="5" || sev=="6" || sev=="7"
154+ where : log.severity=="5" || log.severity=="6" || log.severity=="7"
200155 # ......................................................................#
201156 # Removing unused fields
202157 - delete :
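Review bot: The three severity rules at new lines 142, 148 and 154 now compare `log.severity` directly with string literals, and the explicit `ofType : string` declaration is gone, so the match presumably depends on how the engine types that field at evaluation time. If `log.severity` is absent or not a string when these steps run (for instance when neither grok variant matched), none of the three `add` steps fires and the event leaves the pipeline without a normalized `severity`, which is easy to miss in alerting keyed on that field. I would document the assumption above the first rule, e.g. `# log.severity is expected to be a string "0".."7" here; other values get no severity`, and consider a final catch-all `add` for unmapped values. The same inline form is used for the `log.msg.contains(...)` guards in the earlier hunks, and the first `add` step begins above the visible lines of this hunk.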