Hello,
I want to exclude certain events coming from a certain event source. That event source is being captured with sFTP.
Here is an example of what I want to do:
Events in log file
DEBUG: Fault in module A ...
SYSTEM: Logon using...
SYSTEM: Entry deleted in...
DEBUG: Fault in module B ...
INFO: The system was...
Events I want to keep
SYSTEM: Logon using...
SYSTEM: Entry deleted in...
There seems to be a tag I can use in the typespec file, skipLineFilter. Does anyone have any info on this? Such as:
- using static text instead of regex in skipLineFilterType
- using multiple skipLineFilter (<skipLineFilter>^DEBUG.*$</skipLineFilter><skipLineFilter>^INFO.*$</skipLineFilter>)
Also, there is one I have absolutely no idea about, but it seems like a good candidate for me: eventStartFilter
Or does anybody know another way I can filter out those events?
I figured it out.
<skipLineFilter>^((DEBUG)|(INFO)).*$</skipLineFilter>
<skipLineFilterType>regex</skipLineFilterType>
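
An offline check of the filter above, added here as an example and not part of the original posts: it runs the posted pattern over the thread's sample lines plus three constructed edge cases, to confirm which events survive before the typespec is deployed. Assumptions: a line is skipped when the regex matches it, Python's `re` treats this pattern the same way as the collector's regex engine, and `STRICT` is a hypothetical tighter variant that does not come from the thread.

```python
import re

# Pattern exactly as posted in the thread's skipLineFilter element.
POSTED = r"^((DEBUG)|(INFO)).*$"
# Assumption (not from the thread): a tighter variant that requires the colon.
STRICT = r"^(DEBUG|INFO):.*$"

# Constructed sample: the thread's five lines plus three constructed edge cases.
SAMPLE = [
    "DEBUG: Fault in module A ...",
    "SYSTEM: Logon using...",
    "SYSTEM: Entry deleted in...",
    "DEBUG: Fault in module B ...",
    "INFO: The system was...",
    "INFOSEC: Policy changed by...",   # constructed: shares the INFO prefix
    "  DEBUG: indented line ...",       # constructed: leading whitespace
    "debug: lower-case level ...",      # constructed: different case
]

def kept_lines(pattern, lines):
    """Return lines that survive, assuming a line is skipped when the regex matches it."""
    rx = re.compile(pattern)
    return [ln for ln in lines if not rx.search(ln)]

def dropped_only_by(loose, strict, lines):
    """Lines the loose pattern skips but the strict one keeps (possible over-filtering)."""
    loose_kept = kept_lines(loose, lines)
    return [ln for ln in kept_lines(strict, lines) if ln not in loose_kept]

if __name__ == "__main__":
    for name, pat in (("posted", POSTED), ("strict", STRICT)):
        print(name, pat)
        for ln in kept_lines(pat, SAMPLE):
            print("  keep:", ln)
    print("over-filtered by posted pattern:", dropped_only_by(POSTED, STRICT, SAMPLE))
```

The posted pattern keeps both SYSTEM lines from the thread's sample, but it also skips any line that merely begins with the letters INFO, and it lets indented or lower-case DEBUG lines through.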