field()¶
Purpose¶
field(str, delim, matchnbr)
Returns a field-based substring. str is the string to search, delim is the delimiter and matchnbr is the match to search for (the first match starts at 1). This works similar as the field based property-replacer option. Versions prior to 7.3.7 only support a single character as delimiter character. Starting with version 7.3.7, a full string can be used as delimiter. If a single character is being used as delimiter, delim is the numerical ascii value of the field delimiter character (so that non-printable characters can by specified). If a string is used as delimiter, a multi-character string (e.g. “#011”) is to be specified.
Note
When a single character is specified as string
field($msg, ",", 3) a string-based extraction is done, which is
more performance intensive than the equivalent single-character
field($msg, 44 ,3) extraction.
Example¶
With ascii value of the field delimiter¶
Following example returnes the third field delimited by space. In this example $msg will be “field1 field2 field3 field4”.
set $!usr!field = field($msg, 32, 3);
produces
"field3"
With a string as the field delimiter¶
This example returnes the second field delimited by “#011”. In this example $msg will be “field1#011field2#011field3#011field4”.
set $!usr!field = field($msg, "#011", 2); -- the second field, delimited by "#011"
produces
"field2"
See also
Help with configuring/using Rsyslog:
- Mailing list - best route for general questions
- GitHub: rsyslog source project - detailed questions, reporting issues
that are believed to be bugs with
Rsyslog - Stack Exchange (View, Ask) - experimental support from rsyslog community
See also
Contributing to Rsyslog:
- Source project: rsyslog project README.
- Documentation: rsyslog-doc project README