.*)?" ], "value" : { "printer" : { "kind" : "string", "identifier" : true }, "username" : { "kind" : "string", "identifier" : true }, "job_id" : { "kind" : "integer", "identifier" : true }, "page_number" : { "kind" : "string" }, "copies" : { "kind" : "integer" }, "billing" : { "kind" : "string", "identifier" : true }, "hostname" : { "kind" : "string", "identifier" : true }, "title" : { "kind" : "string", "identifier" : true } } }, "vmw_log" : { "regex" : ["^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z) \\[(?<tid>\\w+) (?<level>\\w+) '(?<comp>[^']+)'(?: opID=(?<opid>[^ \\]]+))?(?: user=(?<user>[\\w\\-]+))?\\](?<body>.*)$"], "level-field": "level", "level" : { "error" : "error", "warning" : "warning", "trace" : "verbose" }, "value" : { "tid" : { "kind" : "string", "identifier" : true }, "comp" : { "kind" : "string", "identifier" : true }, "opid" : { "kind" : "string", "identifier" : true }, "user" : { "kind" : "string", "identifier" : true } } }, "choose_repo_log" : { "regex" : [ "^\\[(?<level>\\w+):[^\\]]+] [^:]+:\\d+ (?<timestamp>\\d{4}-\\d{2}-\\d{2}[T ]\\d{2}:\\d{2}:\\d{2}(?:[\\.,]\\d{3})?):(?<body>.*)" ], "level-field" : "level", "level" : { "error" : "ERROR", "debug" : "DEBUG", "info" : "INFO", "warning" : "WARNING" }, "sample" : [ { "line": "[INFO:choose_repo] choose_repo:47 2013-06-20 17:26:10,691: Setting region in redhat-rhui.repo" } ] }, "dpkg_log" : { "regex" : [ "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}[T ]\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?:(?:(?<action>startup|status|configure|install|upgrade|trigproc|remove|purge)(?: (?<status>config-files|failed-config|half-configured|half-installed|installed|not-installed|post-inst-failed|removal-failed|triggers-awaited|triggers-pending|unpacked))? (?<package>[^ ]+) (?<installed_version>[^ ]+)(?: (?<available_version>[^ ]+))?)|update-alternatives: (?<body>.*))$" ], "value" : { "action" : { "kind" : "string", "identifier" : true }, "status" : { "kind" : "string", "identifier" : true }, "package" : { "kind" : "string", "identifier" : true }, "installed_version" : { "kind" : "string" }, "available_version" : { "kind" : "string" } }, "sample" : [ { "line" : "2012-02-14 10:44:10 configure base-files 5.0.0ubuntu20 5.0.0ubuntu20" }, { "line" : "2012-02-14 10:44:30 status unpacked rsyslog 4.2.0-2ubuntu8" }, { "line" : "2012-02-14 10:44:32 update-alternatives: run with --install /usr/bin/rview rview /usr/bin/vim.tiny 10" } ] }, "block_log" : { "regex" : [ "^(?<timestamp>\\w{3} \\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\w+ \\d{4})$" ] }, "fsck_hfs_log" : { "regex" : [ "^(?<device>[^:]+): fsck_hfs run at (?<timestamp>\\w{3} \\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\d{4})" ], "value" : { "device" : { "kind" : "string", "identifier" : true } } }, "snaplogic_log" : { "regex" : ["^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?:(?:(?<level>\\w+) (?<logger>[^ ]+) (?<facility>[^ ]+) (?<msgid>[^ ]+) (?<pipe_rid>[^ \\.]+)(?:\\.(?<comp_rid>[^ ]+))? (?<resource_name>[^ ]+) (?<invoker>[^ ]+))|(?:stdout: ))(?<body>.*)"], "level-field" : "level", "level" : { "error" : "ERROR", "debug" : "DEBUG", "info" : "INFO", "warning" : "WARNING" }, "value" : { "logger" : { "kind" : "string", "identifier" : true }, "facility" : { "kind" : "string", "identifier" : true }, "msgid" : { "kind" : "string", "identifier" : true }, "pipe_rid" : { "kind" : "string", "identifier" : true }, "comp_rid" : { "kind" : "string", "identifier" : true }, "resource_name" : { "kind" : "string", "identifier" : true }, "invoker" : { "kind" : "string", "identifier" : true } } } }

{ "syslog_log" : { "regex" : [ "^(?\\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2})(?: (?[a-zA-Z0-9][^ ]+))?(?:(?: (?(?:[^ \\[:]+|[^:]+))(?:\\[(?\\d+)])?:(?.*))|(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))" ], "level-field" : "body", "level" : { "error" : "(?:failed|failure|error)", "warning" : "(?:warn|not responding|init: cannot execute)" }, "value" : { "log_hostname" : { "kind" : "string", "collate" : "ipaddress", "identifier" : true }, "log_procname" : { "kind" : "string", "identifier" : true }, "log_pid" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "Jun 27 01:47:20 Tims-MacBook-Air.local configd[17]: network changed: v4(en0-:192.168.1.8) DNS- Proxy- SMB" }, { "line" : "Jun 20 17:26:13 ip-10-188-149-5 [CLOUDINIT] util.py[DEBUG]: Restoring selinux mode for /var/lib/cloud (recursive=False)" } ] }, "access_log" : { "regex" : [ "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?[^ ]+) (?[^ ]+) (?[A-Z]+) (?[^ \\?]+)(?:\\?(?[^ ]*))? (?:-1|\\d+) (?\\d+) \\d+", "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?[^ ]+) (?[^ ]+) (?[A-Z]+) \"(?[^ \\?]+)(?:\\?(?[^ ]*))?\" (?:-1|\\d+) (?\\d+) \\d+", "^(?[\\w\\.\\-]+) [\\w\\.\\-]+ (?[\\w\\.\\-]+) \\[(?[^\\]]+)\\] \"(?:\\-|(?\\w+) (?[^ \\?]+)(?:\\?(?[^ ]*))? (?[\\w/\\.]+))\" (?\\d+) (?\\d+|-)(?: \"(?[^\"]+)\" \"(?[^\"]+)\")?.*" ], "level-field": "sc_status", "level" : { "error" : "^[^123]" }, "value" : { "c_ip" : { "kind" : "string", "collate" : "ipaddress", "identifier" : true }, "cs_username" : { "kind" : "string", "identifier" : true }, "cs_method" : { "kind" : "string", "identifier" : true }, "cs_uri_stem" : { "kind" : "string", "identifier" : true }, "cs_uri_query" : { "kind" : "string" }, "cs_version" : { "kind" : "string", "identifier" : true }, "sc_status" : { "kind" : "integer" }, "sc_bytes" : { "kind" : "integer" }, "cs_referer" : { "kind" : "string", "identifier" : true }, "cs_user_agent" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "10.112.72.172 - - [11/Feb/2013:06:43:36 +0000] \"GET /client/ HTTP/1.1\" 200 5778 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17\"" } ] }, "error_log" : { "regex" : [ "^(?\\w) \\[(?\\d{2}/\\w{3}/\\d{4}:\\d{2}:\\d{2}:\\d{2}) [\\w\\-\\+]+\\] (?.*)" ], "level-field": "level", "level" : { "error" : "E", "warning" : "W", "info" : "I" } }, "page_log" : { "regex" : [ "^(?[\\w_\\-\\.]+) (?[\\w\\.\\-]+) (?\\d+) \\[(?\\d{2}/\\w{3}/\\d{4}:\\d{2}:\\d{2}:\\d{2}) [\\w\\-\\+]+\\] (?total|\\d+) (?\\d+) (?[^ ]+) (?[\\w\\.\\-]+)\\s*(?.*)?" ], "value" : { "printer" : { "kind" : "string", "identifier" : true }, "username" : { "kind" : "string", "identifier" : true }, "job_id" : { "kind" : "integer", "identifier" : true }, "page_number" : { "kind" : "string" }, "copies" : { "kind" : "integer" }, "billing" : { "kind" : "string", "identifier" : true }, "hostname" : { "kind" : "string", "identifier" : true }, "title" : { "kind" : "string", "identifier" : true } } }, "vmw_log" : { "regex" : ["^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z) \\[(?<tid>\\w+) (?<level>\\w+) '(?<comp>[^']+)'(?: opID=(?<opid>[^ \\]]+))?(?: user=(?<user>[\\w\\-]+))?\\](?<body>.*)$"], "level-field": "level", "level" : { "error" : "error", "warning" : "warning", "trace" : "verbose" }, "value" : { "tid" : { "kind" : "string", "identifier" : true }, "comp" : { "kind" : "string", "identifier" : true }, "opid" : { "kind" : "string", "identifier" : true }, "user" : { "kind" : "string", "identifier" : true } } }, "choose_repo_log" : { "regex" : [ "^\\[(?<level>\\w+):[^\\]]+] [^:]+:\\d+ (?<timestamp>\\d{4}-\\d{2}-\\d{2}[T ]\\d{2}:\\d{2}:\\d{2}(?:[\\.,]\\d{3})?):(?<body>.*)" ], "level-field" : "level", "level" : { "error" : "ERROR", "debug" : "DEBUG", "info" : "INFO", "warning" : "WARNING" }, "sample" : [ { "line": "[INFO:choose_repo] choose_repo:47 2013-06-20 17:26:10,691: Setting region in redhat-rhui.repo" } ] }, "dpkg_log" : { "regex" : [ "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}[T ]\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?:(?:(?<action>startup|status|configure|install|upgrade|trigproc|remove|purge)(?: (?<status>config-files|failed-config|half-configured|half-installed|installed|not-installed|post-inst-failed|removal-failed|triggers-awaited|triggers-pending|unpacked))? (?<package>[^ ]+) (?<installed_version>[^ ]+)(?: (?<available_version>[^ ]+))?)|update-alternatives: (?<body>.*))$" ], "value" : { "action" : { "kind" : "string", "identifier" : true }, "status" : { "kind" : "string", "identifier" : true }, "package" : { "kind" : "string", "identifier" : true }, "installed_version" : { "kind" : "string" }, "available_version" : { "kind" : "string" } }, "sample" : [ { "line" : "2012-02-14 10:44:10 configure base-files 5.0.0ubuntu20 5.0.0ubuntu20" }, { "line" : "2012-02-14 10:44:30 status unpacked rsyslog 4.2.0-2ubuntu8" }, { "line" : "2012-02-14 10:44:32 update-alternatives: run with --install /usr/bin/rview rview /usr/bin/vim.tiny 10" } ] }, "block_log" : { "regex" : [ "^(?<timestamp>\\w{3} \\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\w+ \\d{4})$" ] }, "fsck_hfs_log" : { "regex" : [ "^(?<device>[^:]+): fsck_hfs run at (?<timestamp>\\w{3} \\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\d{4})" ], "value" : { "device" : { "kind" : "string", "identifier" : true } } }, "snaplogic_log" : { "regex" : ["^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?:(?:(?<level>\\w+) (?<logger>[^ ]+) (?<facility>[^ ]+) (?<msgid>[^ ]+) (?<pipe_rid>[^ \\.]+)(?:\\.(?<comp_rid>[^ ]+))? (?<resource_name>[^ ]+) (?<invoker>[^ ]+))|(?:stdout: ))(?<body>.*)"], "level-field" : "level", "level" : { "error" : "ERROR", "debug" : "DEBUG", "info" : "INFO", "warning" : "WARNING" }, "value" : { "logger" : { "kind" : "string", "identifier" : true }, "facility" : { "kind" : "string", "identifier" : true }, "msgid" : { "kind" : "string", "identifier" : true }, "pipe_rid" : { "kind" : "string", "identifier" : true }, "comp_rid" : { "kind" : "string", "identifier" : true }, "resource_name" : { "kind" : "string", "identifier" : true }, "invoker" : { "kind" : "string", "identifier" : true } } } }