The following examples describe some patterns that you can configure:
Pattern Without Custom Regular Expression
If you want to transform the input
vds
into JSON format, configure the following properties:
Entity Name. Enter a name for the transformation.
Pattern. Enter
%{WORD:myword}
When you deploy the data flow, you get the following output:
{"myword": [["vds"]]}
Pattern With Custom Regular Expression
If you want to transform the input
ABC
into JSON format, configure the following properties:
Entity Name. Enter a name for the transformation.
Pattern. Enter
%{ALLCAPS:capword}
Custom Regex. Enter
ALLCAPS=[A-Z]+
When you deploy the data flow, you get the following output:
{"capword":"ABC"}
Pattern to Convert a Log Line
If you want to transform the log line
Jul 9 22:41:51 myserver sshd[4295]: Failed password for invalid user myuser from 220.113.135.154 port 55993 ssh2
into JSON format, configure the following properties:
Entity Name. Enter a name for the transformation.
Pattern. Enter
%{SYSLOGTIMESTAMP:timestamp} %{HOSTNAME:host_target} sshd\[%{BASE10NUM}\]: Failed password for (invalid user |)%{USERNAME:username} from %{IP:src_ip} port %{BASE10NUM:port} ssh2
When you deploy the data flow, you get the following output:
127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326
into JSON format, configure the following properties:
Entity Name. Enter a name for the transformation.
Pattern. Enter
%{COMMONAPACHELOG}
When you deploy the data flow, you get the following output:
{"COMMONAPACHELOG":[["127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET/apache_pb.gifHTTP/1.0" 200 2326"]],"clientip":[["127.0.0.1"]],"HOSTNAME":[["127.0.0.1"]],"IP":[[null]],"IPV6":[[null]],"IPV4":[[null]],"ident":[["-"]],"USERNAME":[["-","frank"]],"auth":[["frank"]],"timestamp":[["10/Oct/2000:13:55:36 -0700"]],"MONTHDAY":[["10"]],"MONTH":[["Oct"]],"YEAR":[["2000"]],"TIME":[["13:55:36"]],"HOUR":[["13"]],"MINUTE":[["55"]],"SECOND":[["36"]],"INT":[["-0700"]],"verb":[["GET"]],"request":[["/apache_pb.gif"]],"httpversion":[["1.0"]],"BASE10NUM":[["1.0","200","2326"]],"rawrequest":[[null]],"response":[["200"]],"bytes":[["2326"]]}
Pattern to Convert a log4j Log Line
If you want to transform the log line
2015-03-03 11:35:53,759 [WARN ] [lbm:Thread-27] Core-5688-1883: timer returned error 5 [CoreApi-5688-3337: lbm_socket_sendb send/sendto: (10049) The requested address is not valid in its context.
into JSON format, configure the following properties:
Entity Name. Enter a name for the transformation.
Pattern. Enter
%{TIMESTAMP_ISO8601} \[%{LOGLEVEL} %{GREEDYDATA}
When you deploy the data flow, you get the following output:
{"TIMESTAMP_ISO8601":[["2015-03-03 11:35:53,759"]],"YEAR":[["2015"]],"MONTHNUM":[["03"]],"MONTHDAY":[["03"]],"HOUR":[["11",null]],"MINUTE":[["35",null]],"SECOND":[["53,759"]],"ISO8601_TIMEZONE":[[null]],"LOGLEVEL":[["WARN"]],"GREEDYDATA":[["] [lbm:Thread-27] Core-5688-1883: timer returned error 5 [CoreApi-5688-3337: lbm_socket_sendb send/sendto: (10049) The requested address is not valid in its context."]]}