You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
63 lines
2.4 KiB
63 lines
2.4 KiB
# Copyright (C) 2005-2021 Splunk Inc. All Rights Reserved.
|
|
|
|
#Sourcetype Extraction
|
|
[set_vclog_sourcetype]
|
|
REGEX = ^([a-z\-]+)
|
|
DEST_KEY = MetaData:Sourcetype
|
|
FORMAT = sourcetype::vmware:vclog:$1
|
|
|
|
###From VMWare v3.4.5,support for vCenter Server 5.x has ended.###
|
|
# vCenter 5.5 (Linux & Windows) Field Extractions
|
|
|
|
[vc_vpxd_fields_5x]
|
|
REGEX = \d{4}\-\d{2}\-\d{2}[T\s][\d\:\.]{8,15}([\+\-\s,][\d\:]{3,5}|Z)\s\[\w+\s+(\w+)\s+\'(\S+)\'(?: opID=([^\s\x00-\x20]+))?\](.*)
|
|
FORMAT = Offset::$1 Level::$2 Object::$3 opID::$4 Message::$5
|
|
|
|
[vc_vws_fields_5x]
|
|
REGEX = \[\d{4}\-\d{2}\-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)\s\S+\s*(\S+)\s([^\]]+)\]\s+(.*)
|
|
FORMAT = Level::$1 Object::$2 Message::$3
|
|
|
|
[vc_cim_fields_5x]
|
|
REGEX = \[\d{4}\-\d{2}\-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)\s+([^\]]+)\]\s+(.*)
|
|
FORMAT = Object::$1 Message::$2
|
|
|
|
|
|
# vCenter 6.x (Linux & Windows) Field Extractions
|
|
|
|
[vc_vpxd_fields_6x]
|
|
REGEX = \d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}([\+\-\s,][\d\:]{3,5}|Z|)\s(\w+)\s+\S+\[\w+\]\s+\[\S+\s+\S+(?:\s+opID=(\S+))?(?:\s+[^\[\]]+)?\]\s+(.*)
|
|
FORMAT = Offset::$1 Level::$2 opID::$3 Message::$4
|
|
|
|
[vc_vws_fields_6x]
|
|
REGEX = \d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z|)\s+(\w+)\s+\S+\s+(.*)
|
|
FORMAT = Level::$1 Message::$2
|
|
|
|
[vc_stats_fields_6x]
|
|
REGEX = \d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)\s+\[\S+\s+(\S+)\s+([^\]]+)\]\s+(.*)
|
|
FORMAT = Level::$1 Object::$2 Message::$3
|
|
|
|
[vc_sms_fields]
|
|
REGEX = ^(?:[^\s]+\s+){3}(\w+)\s+([^\s]+)\s+\-\s+(.*)
|
|
FORMAT = Level::$1 Object::$2 Message::$3
|
|
|
|
#NullQueues
|
|
[vmware_vpxd_level_null_5x]
|
|
DEST_KEY = queue
|
|
FORMAT = nullQueue
|
|
REGEX = \[\w+\s+(?:verbose|trivia)\s+\'(?:[^']+)\'(?: opID=(?:[^\s\x00-\x20]+))?(?:\s\S+)?\](?:.*)
|
|
|
|
[vmware_vpxd_level_null_6x]
|
|
DEST_KEY = queue
|
|
FORMAT = nullQueue
|
|
REGEX = \d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)\s(?:verbose|trivia)\s+\S+\[\w+\]\s+\[\S+\s+\S+(?:\s+opID=(?:\S+))?(?:\s+[^\[\]]+)?\]\s+(?:.*)
|
|
|
|
[vmware_vpxd_retrieveContents_null]
|
|
DEST_KEY = queue
|
|
FORMAT = nullQueue
|
|
REGEX = \[?\d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)?\s\[?(?:\w+\s)?info.*?task-internal.*?vmodl\.query\.PropertyCollector\.retrieveContents
|
|
|
|
[vmware_vpxd_null]
|
|
DEST_KEY = queue
|
|
FORMAT = nullQueue
|
|
REGEX = \[?\d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)?\s\[?(?:\w+\s)?(?:verbose|trivia|info.*?task-internal.*?vmodl\.query\.PropertyCollector\.retrieveContents)
|