diff options
| author | Rainer Gerhards <rgerhards@adiscon.com> | 2006-09-27 16:04:57 +0000 |
|---|---|---|
| committer | Rainer Gerhards <rgerhards@adiscon.com> | 2006-09-27 16:04:57 +0000 |
| commit | 189fc4defd88887e6055029c5ca7833f64f11915 (patch) | |
| tree | 42ca274357a53a4fcfe3e2e1779c4b8214458ca3 /doc/property_replacer.html | |
| parent | 64dc3591f4cd8a7eab27d689f2b8f5db4eb56517 (diff) | |
| download | rsyslog-189fc4defd88887e6055029c5ca7833f64f11915.tar.gz rsyslog-189fc4defd88887e6055029c5ca7833f64f11915.tar.xz rsyslog-189fc4defd88887e6055029c5ca7833f64f11915.zip | |
updated doc to reflect new field-delimiter configuration capability
Diffstat (limited to 'doc/property_replacer.html')
| -rw-r--r-- | doc/property_replacer.html | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/doc/property_replacer.html b/doc/property_replacer.html index 10dba469..32cfceec 100644 --- a/doc/property_replacer.html +++ b/doc/property_replacer.html @@ -60,8 +60,16 @@ return the part of the property text that matches the regular expression. An example for a property replacer sequence with a regular expression is: "%msg:R:.*Sev:.
\(.*\) \[.*--end%"<br>
<p>
-<b>Also, extraction can be done based on so-called "fields"</b>. To do so, place
a "F" into FromChar. A field in its current definition is anything that is
delemited by TAB characters (US-ASCII value 9). If your syslog data is tabular,
this is a quicker way to extract than via regular expressions (actually, a *much*
quicker way). Field counting starts at 1. Field zero is accepted, but will
always lead to a "field not found" error. The same happens if a field number
higher than the number of fields in the property is requested. The field number
must be placed in the "ToChar" parameter. An example where the 3rd field from
the msg property is extracted is as follows: "%msg:F:3%".<p>
-Please note that the special characters "F" and "R" are case-sensitive. Only
upper case works, lower case will return an error.<br>
+<b>Also, extraction can be done based on so-called "fields"</b>. To do so, place
a "F" into FromChar. A field in its current definition is anything that is
delimited by a delimiter character. The delimiter by default is TAB (US-ASCII value 9).
+However, if can be changed to any other US-ASCII character by specifying a comma
+and teh <b>decimal</b> US-ASCII value of the delimiter immediately after the
+"F". For example, to use comma (",") as a delimiter, use this field specifier:
+"F,44". If your syslog data is delimited,
this is a quicker way to extract than via regular expressions (actually, a *much*
quicker way). Field counting starts at 1. Field zero is accepted, but will
always lead to a "field not found" error. The same happens if a field number
higher than the number of fields in the property is requested. The field number
must be placed in the "ToChar" parameter. An example where the 3rd field
+(delimited by TAB) from
the msg property is extracted is as follows: "%msg:F:3%". The same
+example with semicolon as delimiter is "%msg:F,59:3%".<p>
+Please note that the special characters "F" and "R" are case-sensitive. Only
upper case works, lower case will return an error. There are no white spaces
+permitted inside the sequence (that will lead to error messages and will NOT
+provide the intended result).<br>
<h2>Property Options</h2>
<b><code>property options</code></b> are case-insensitive. Currently, the following options
are defined:</p>
|