Hi All,
I'm trying to search for start up and shutdown message of AWS instances and build a nice table. On my test instance, the first message on the /var/log/message is the following line when I run 'earliest=-4h@h "start" | regex _raw="rsyslogd:.*" | table _raw'
Mar 16 14:42:58 ip-10-0-0-2 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="899" x-info="http://www.rsyslog.com"] start
I'd like to break this down and just keep.
_time, IP, Command
timestamp, 10.0.0.2, Start
Am I going about this the wrong way?
↧