# Copyright (C) 2005-2021 Splunk Inc. All Rights Reserved.

#Sourcetype Extraction
[set_vclog_sourcetype]
REGEX = ^([a-z\-]+)
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::vmware:vclog:$1

###From VMWare v3.4.5,support for vCenter Server 5.x has ended.###
# vCenter 5.5 (Linux & Windows) Field Extractions

[vc_vpxd_fields_5x]
REGEX = \d{4}\-\d{2}\-\d{2}[T\s][\d\:\.]{8,15}([\+\-\s,][\d\:]{3,5}|Z)\s\[\w+\s+(\w+)\s+\'(\S+)\'(?: opID=([^\s\x00-\x20]+))?\](.*)
FORMAT = Offset::$1 Level::$2 Object::$3 opID::$4 Message::$5

[vc_vws_fields_5x]
REGEX = \[\d{4}\-\d{2}\-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)\s\S+\s*(\S+)\s([^\]]+)\]\s+(.*)
FORMAT = Level::$1 Object::$2 Message::$3

[vc_cim_fields_5x]
REGEX = \[\d{4}\-\d{2}\-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)\s+([^\]]+)\]\s+(.*)
FORMAT = Object::$1 Message::$2


# vCenter 6.x (Linux & Windows) Field Extractions

[vc_vpxd_fields_6x]
REGEX = \d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}([\+\-\s,][\d\:]{3,5}|Z|)\s(\w+)\s+\S+\[\w+\]\s+\[\S+\s+\S+(?:\s+opID=(\S+))?(?:\s+[^\[\]]+)?\]\s+(.*)
FORMAT = Offset::$1 Level::$2 opID::$3 Message::$4

[vc_vws_fields_6x]
REGEX = \d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z|)\s+(\w+)\s+\S+\s+(.*)
FORMAT = Level::$1 Message::$2

[vc_stats_fields_6x]
REGEX = \d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)\s+\[\S+\s+(\S+)\s+([^\]]+)\]\s+(.*)
FORMAT = Level::$1 Object::$2 Message::$3

[vc_sms_fields]
REGEX = ^(?:[^\s]+\s+){3}(\w+)\s+([^\s]+)\s+\-\s+(.*)
FORMAT = Level::$1 Object::$2 Message::$3

#NullQueues
[vmware_vpxd_level_null_5x]
DEST_KEY = queue
FORMAT = nullQueue
REGEX = \[\w+\s+(?:verbose|trivia)\s+\'(?:[^']+)\'(?: opID=(?:[^\s\x00-\x20]+))?(?:\s\S+)?\](?:.*)

[vmware_vpxd_level_null_6x]
DEST_KEY = queue
FORMAT = nullQueue
REGEX = \d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)\s(?:verbose|trivia)\s+\S+\[\w+\]\s+\[\S+\s+\S+(?:\s+opID=(?:\S+))?(?:\s+[^\[\]]+)?\]\s+(?:.*)

[vmware_vpxd_retrieveContents_null]
DEST_KEY = queue
FORMAT = nullQueue
REGEX = \[?\d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)?\s\[?(?:\w+\s)?info.*?task-internal.*?vmodl\.query\.PropertyCollector\.retrieveContents

[vmware_vpxd_null]
DEST_KEY = queue
FORMAT = nullQueue
REGEX = \[?\d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)?\s\[?(?:\w+\s)?(?:verbose|trivia|info.*?task-internal.*?vmodl\.query\.PropertyCollector\.retrieveContents)