The timestamp and line breaking don't seem to be working as expected. They are Nagios/pnp4nagios logs.
I get a burst of events similar to the below data every few seconds/minutes and it seems the first line of each data burst is being recognized for the TIMET timestamp but all other events within that data burst aren't being handled correctly.
**TIMET::1506034709** = timestamp in epoch time
**DATATYPE::** = start/end of event
Data is sent in this format: **DATATYPE::SERVICEPERFDATA\tTIMET::$TIMET$\tHOSTNAME::$HOSTNAME$\t**
**Here's the data:**
```
DATATYPE::HOSTPERFDATA TIMET::1506034709 HOSTNAME::host1 HOSTPERFDATA::time=0.000342s;;;0.000000;20.000000 HOSTCHECKCOMMAND::check_tcp!255.255.25.25!443 HOSTSTATE::UP HOSTSTATETYPE::HARD HOSTOUTPUT::TCP OK - 0.000 second response time on 255.255.25.25 port 443
DATATYPE::HOSTPERFDATA TIMET::1506034713 HOSTNAME::host2 HOSTPERFDATA::time=0.000368s;;;0.000000;20.000000 HOSTCHECKCOMMAND::check_tcp!255.255.25.256!443 HOSTSTATE::UP HOSTSTATETYPE::HARD HOSTOUTPUT::TCP OK - 0.000 second response time on 255.255.25.256 port 443
```
**Here's the sourcetype config: - timestamp/linebreak**
```
[nagios:core:perfdata]
event_breaks: (I've tried auto and every line)
BREAK_ONLY_BEFORE = ([\r\n]+)DATATYPE
SHOULD_LINEMERGE = true
TIME_FORMAT = %s
TIME_PREFIX = TIMET::
lookahead 128
```
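An added reference parser for the perfdata format described in the post (not part of the original post and not how the indexer itself works): it produces one event per `DATATYPE::` record, each with its own `TIMET`, which is the result a working sourcetype should reproduce. The sample burst is constructed, with tab separators assumed from the format line in the post, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample burst: tab-separated KEY::VALUE fields, mixed line endings.
SAMPLE_BURST = (
    "DATATYPE::HOSTPERFDATA\tTIMET::1506034709\tHOSTNAME::host1\t"
    "HOSTPERFDATA::time=0.000342s;;;0.000000;20.000000\tHOSTSTATE::UP\n"
    "DATATYPE::HOSTPERFDATA\tTIMET::1506034713\tHOSTNAME::host2\t"
    "HOSTPERFDATA::time=0.000368s;;;0.000000;20.000000\tHOSTSTATE::UP\r\n"
    "DATATYPE::SERVICEPERFDATA\tTIMET::1506034720\tHOSTNAME::host1\t"
    "SERVICEPERFDATA::rta=0.5ms\n"
)

# A new event begins wherever newline(s) are followed by "DATATYPE::".
EVENT_BOUNDARY = re.compile(r"[\r\n]+(?=DATATYPE::)")
# Accept TIMET only as a whole tab-delimited field holding epoch seconds.
TIMET_FIELD = re.compile(r"(?:^|\t)TIMET::(\d{1,10})(?=\t|$)")


def split_events(burst):
    """Split one burst into individual events, one per DATATYPE:: record."""
    return [e.strip("\r\n") for e in EVENT_BOUNDARY.split(burst) if e.strip()]


def parse_event(event):
    """Return the KEY::VALUE fields of one event plus its UTC timestamp."""
    fields = {}
    for token in event.split("\t"):
        key, sep, value = token.partition("::")
        if sep:
            fields[key] = value
    match = TIMET_FIELD.search(event)
    if match is None:
        raise ValueError("event has no TIMET field: %r" % event[:60])
    fields["_time"] = datetime.fromtimestamp(int(match.group(1)), tz=timezone.utc)
    return fields


def parse_burst(burst):
    """Parse every event in a burst, each with its own timestamp."""
    return [parse_event(e) for e in split_events(burst)]


if __name__ == "__main__":
    for ev in parse_burst(SAMPLE_BURST):
        print(ev["_time"].isoformat(), ev["DATATYPE"], ev["HOSTNAME"])
```

Running a captured burst through it gives the event count and per-event times to compare against what a search over the indexed data returns.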