AnsweredAssumed Answered

Lua Parser for Logs

Question asked by Omar Garcia Gilio on Aug 29, 2017
Latest reply on Aug 29, 2017 by Thomas Jones

Hello.

I want make lua parser for this kind of message logs:

%AURIS: login|2017-08-26 17:20:00|ogarciag
%AURIS: logout|2017-08-26 16:22:00|ogarciag
%AURIS: failed|2017-08-26 16:25:00|ogarciag

 

So far I got this:

 

local AurisParser = nw.createParser("auris_parser", "Parser de prueba AURIS")
AurisParser:setKeys({
    nwlanguagekey.create("device.type"),
    nwlanguagekey.create("msg.id"),
    nwlanguagekey.create("event.time"),
    nwlanguagekey.create("user.dst"),
    nwlanguagekey.create("msg"),
})
function AurisParser:GetMetas(token, first, last)
    -- nw.logInfo("Log_Device_match")
    local sepchar = "|"
    -- Capturamos log raw
    local payload = nw.getPayload()
    -- meta device.type
    local mycad = payload:tostring(first + 1, last - 2)
    nw.createMeta(self.keys["device.type"],mycad)
    -- meta msg.id
    local myindx = payload:find(sepchar, last + 1)
    mycad = payload:tostring(last + 1, myindx - 1)
    nw.createMeta(self.keys["msg.id"],mycad)

 

    -- meta event.time
    mycad = payload:tostring(myindx + 1, payload:find(sepchar, myindx + 1) - 1)
    myindx = payload:find(sepchar, myindx + 1)
    nw.createMeta(self.keys["event.time"],mycad)
    -- meta user.dst
    mycad = payload:tostring(myindx + 1, payload:len())
    nw.createMeta(self.keys["user.dst"],mycad)

 

    -- meta msg
    mycad = payload:tostring(last + 1, payload:len())
    nw.createMeta(self.keys["msg"],mycad)
end
AurisParser:setCallbacks({
    ["^%%AURIS: "] = AurisParser.GetMetas,
})

 

I get the metas I want, even can make a report, but why still seen the "unknown" device?

 

I really appreciate your help.

Outcomes