The example below demonstrates how to extract the contents of a SyslogMessageUDR.
Image Added
Syslog workflow
Set the output route from Syslog_1 to synchronous in order to facilitate debugging. This causes the messages to be processed in sequential order. For other purposes the route should be set to asynchronous (default).
| Info |
|---|
| title | Example - Analysis_1 APL Code |
|---|
|
| Code Block |
|---|
| consume {
debug("*** BEGIN ***");
debug("AppName: " + input.AppName);
debug("Facility: " + input.Facility);
debug("HostName: " + input.HostName);
debug("Message: " + input.Msg);
debug("MsgId: " + input.MsgId);
debug("ProcId: " + input.ProcId);
debug("Severity: " + input.Severity);
debug("Timestamp: " + input.Timestamp);
debug("Version: " + input.Version);
if(null != input.StructuredData) {
debugStructuredData(input.StructuredData);
}
debug("*** END ***");
}
void debugStructuredData(map<string,map<string,string>> sdData) {
debug("StructuredData:");
//Get the SD-ELEMENT keys from Structured Data
list<string> sdKeys = mapKeys(sdData);
//Get the number of SD elements
int sdSize = listSize(sdKeys);
//Iterate through the SD-ELEMENTs
for(int i=0;i<sdSize;i++) {
debug("SD-ELEMENT #" + (i+1));
//Get the next SD-ELEMENT
map<string,string> element = mapGet(sdData, (string) listGet(sdKeys,0));
//Get the SD-PARAM keys in the SD-ELEMENT
list<string> paramKeys = mapKeys(element);
//Get the number of SD-PARAMs
int paramSize = listSize(paramKeys);
//Iterate through the SD-PARAMs
for(int j=0;j<paramSize;j++) {
string curKey = listGet(paramKeys,j);
string curVal = mapGet(element, curKey);
debug("SD-PARAM #" + (j+1) + ":" + curKey + ":" + curVal);
}
}
} |
|
