[syslog_log] Case-insensitive search for level strings

While looking through syslog messages on OS X, came across plenty of
error/warning messages where the level was in all-caps and as a result
were not recognized. There was also a lot of false positives due to the
word error turning up as part of a longer string.

This change:
- Changes the log level regex to do a case-insensitive search.
- Ognores the string 'error', if it is part of a longer string.
This commit is contained in:
Suresh Sundriyal 2015-05-30 22:44:41 -07:00
parent 100e4233d5
commit f476f904db

View File

@ -586,8 +586,8 @@
},
"level-field" : "body",
"level" : {
"error" : "(?:failed|failure|error)",
"warning" : "(?:warn|not responding|init: cannot execute)"
"error" : "(?:(?:(?<![a-zA-Z]))(?:(?i)error(?:s)?)(?:(?![a-zA-Z]))|failed|failure)",
"warning" : "(?:(?:(?i)warn)|not responding|init: cannot execute)"
},
"value" : {
"log_hostname" : {