Hi All,
My application event log contains events in this format:
12/20/2017 11:08:50 AM - ProlexicService - DEBUG - new value added to event array : {
    "eventEndTime": 1513701199,
    "eventInfo": {
        "attackId": "01fbm--159.50.252.79:gaz_au:WARN:1513701120:fbm2.3",
        "lastOccurred": 1513701199
    },
    "eventStartTime": 1513701120,
    "eventTitle": "Traffic Anomaly Detected for gaz_au, destination_ip 159.50.252.79 with top talker DRAFT_AU",
    "eventType": "alert",
    "isOngoing": false,
    "service": "fbm",
    "severity": 60
}
12/20/2017 11:08:50 AM - ProlexicService - DEBUG - new value added to event array : {
    "eventEndTime": 1513763354,
    "eventInfo": {
        "attackId": "01flm--217.163.58.195:bnp_fr:WARN:1513762440:flm2.3",
        "lastOccurred": 1513763354
    },
    "eventStartTime": 1513762440,
    "eventTitle": "Traffic Anomaly Detected for gaz_au, destination_ip 207.163.58.165 with top talker Leozeme_Networks_Inc.",
    "eventType": "alert",
    "isOngoing": false,
    "service": "fbm",
    "severity": 60
}
I wrote this code in the parser file to parse this type of event:
File
do.unparsed.events=true
trigger.node.location= /
# "{" is escaped (a bare "{" is an illegal repetition in Java regex), the backslash in "\s+" after it is restored, and the dots in the IP address are escaped to match literally
regex=^.+?\{\s+"eventEndTime":\s(\d+),\n\s+.+\n\s+.+\n\s+.+\n.+\n\s+"eventStartTime":\s(\d+),\n\s+"eventTitle":\s"(.+?),\sdestination_ip\s(\d+\.\d+\.\d+\.\d+)\s(.+?)",\n\s+"eventType":\s"(\w+)",\n\s+"isOngoing":\s(\w+),\n\s+"service":\s"(\w+)",\n\s+"severity":\s(\d+)\n\}
token.count=9
token[0].name=endTime
token[0].type=TimeStamp
token[0].location=end_time
token[1].name=startTime
token[1].type=TimeStamp
token[1].location=start_time
token[2].name=name
token[2].type=String
token[2].location=name
token[3].name=sourceAddress
token[3].type=String
token[3].location=source_address
token[4].name=message
token[4].type=String
token[4].location=message
token[5].name=deviceEventCategory
token[5].type=String
token[5].location=device_event_category
token[6].name=deviceCustomString1
token[6].type=String
token[6].location=device_custom_string_1
token[7].name=deviceCustomString2
token[7].type=String
token[7].location=device_custom_string_2
token[8].name=deviceSeverity
token[8].type=String
token[8].location=device_severity
#submessage.messageid.token=
#submessage.token=
event.endTime=endTime
event.startTime=startTime
event.name=name
event.sourceAddress=sourceAddress
event.message=message
event.deviceEventCategory=deviceEventCategory
event.deviceCustomString1=deviceCustomString1
event.deviceCustomString2=deviceCustomString2
event.deviceSeverity=deviceSeverity
# deviceProduct was assigned twice; the second assignment overrode the first, so the vendor goes in deviceVendor
event.deviceVendor=__stringConstant("Akamai")
event.deviceProduct=__stringConstant("Prolexic")
#l10n.filename.prefix=
I am getting this error:
INFO | jvm 1 | 2017/12/27 16:32:40 | FATAL EXCEPTION:
INFO | jvm 1 | 2017/12/27 16:32:40 | java.lang.RuntimeException: Unexpected character ('/' (code 47)): Expected space separating root-level values
INFO | jvm 1 | 2017/12/27 16:32:40 | at [Source: java.io.FileInputStream@1542b62f; line: 1, column: 4]
Is something wrong with my code?
Please help.
Thanks,
Siddarth
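The error above is raised by a JSON parser reading the raw log file (it stops at the '/' in the date prefix of line 1), so the regex itself has not been exercised yet; the following added example, which is not from the original post or from ArcSight, checks that regex offline in Python against a constructed copy of the first event, with the missing backslash in `\s+` restored and the braces and IP-address dots escaped, and maps the nine capture groups to the post's token names. The sample text and the `parse_events` helper are assumptions made for the demonstration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the first event from the post, pretty-printed the way the log writes it.
SAMPLE_LOG = """\
12/20/2017 11:08:50 AM - ProlexicService - DEBUG - new value added to event array : {
    "eventEndTime": 1513701199,
    "eventInfo": {
        "attackId": "01fbm--159.50.252.79:gaz_au:WARN:1513701120:fbm2.3",
        "lastOccurred": 1513701199
    },
    "eventStartTime": 1513701120,
    "eventTitle": "Traffic Anomaly Detected for gaz_au, destination_ip 159.50.252.79 with top talker DRAFT_AU",
    "eventType": "alert",
    "isOngoing": false,
    "service": "fbm",
    "severity": 60
}
"""

# The post's regex with three fixes: the backslash restored in "\s+" after the opening
# brace, and the braces and the dots of the IP address escaped so they match literally.
EVENT_RE = re.compile(
    r'^.+?\{\s+"eventEndTime":\s(\d+),\n'
    r'\s+.+\n\s+.+\n\s+.+\n.+\n'            # eventInfo block: skipped, not captured
    r'\s+"eventStartTime":\s(\d+),\n'
    r'\s+"eventTitle":\s"(.+?),\sdestination_ip\s(\d+\.\d+\.\d+\.\d+)\s(.+?)",\n'
    r'\s+"eventType":\s"(\w+)",\n'
    r'\s+"isOngoing":\s(\w+),\n'
    r'\s+"service":\s"(\w+)",\n'
    r'\s+"severity":\s(\d+)\n\}',
    re.MULTILINE,
)

# Capture-group order maps to the post's token[n].name entries.
TOKEN_NAMES = ["endTime", "startTime", "name", "sourceAddress", "message",
               "deviceEventCategory", "deviceCustomString1", "deviceCustomString2",
               "deviceSeverity"]

def parse_events(text):
    """Return one dict per matched event; TimeStamp tokens become UTC datetimes."""
    events = []
    for m in EVENT_RE.finditer(text):
        ev = dict(zip(TOKEN_NAMES, m.groups()))
        for key in ("endTime", "startTime"):   # epoch seconds in the log
            ev[key] = datetime.fromtimestamp(int(ev[key]), tz=timezone.utc)
        events.append(ev)
    return events
```

Running `parse_events(SAMPLE_LOG)` yields one dict; a log line with no JSON body yields an empty list, which is the case the connector would report as an unparsed event.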