Syslog Collection Agent Example

The example below demonstrates how to extract the contents of a SyslogMessageUDR.

Syslog workflow

Set the output route from Syslog_1 to synchronous in order to facilitate debugging. This causes the messages to be processed in sequential order. For other purposes the route should be set to asynchronous (default).

Example - Analysis_1 APL Code

consume {
    debug("*** BEGIN ***");
    debug("AppName: " + input.AppName);
    debug("Facility: " + input.Facility);
    debug("HostName: " + input.HostName);
    debug("Message: " + input.Msg);
    debug("MsgId: " + input.MsgId);
    debug("ProcId: " + input.ProcId);
    debug("Severity: " + input.Severity);
    debug("Timestamp: " + input.Timestamp);
    debug("Version: " + input.Version);
    if(null != input.StructuredData) {
        debugStructuredData(input.StructuredData);
    }
    debug("*** END ***");
}

void debugStructuredData(map<string,map<string,string>> sdData) {
    debug("StructuredData:");
     //Get the SD-ELEMENT keys from Structured Data
    list<string> sdKeys = mapKeys(sdData);
    //Get the number of SD elements
    int sdSize = listSize(sdKeys);
    //Iterate through the SD-ELEMENTs
    for(int i=0;i<sdSize;i++) {
        debug("SD-ELEMENT #" + (i+1));
        //Get the next SD-ELEMENT
        map<string,string> element = mapGet(sdData, (string) listGet(sdKeys,0));
        //Get the SD-PARAM keys in the SD-ELEMENT
        list<string> paramKeys = mapKeys(element);
        //Get the number of SD-PARAMs
        int paramSize = listSize(paramKeys);
        //Iterate through the SD-PARAMs
        for(int j=0;j<paramSize;j++) {
            string curKey = listGet(paramKeys,j);
            string curVal = mapGet(element, curKey);
            debug("SD-PARAM #" + (j+1) + ":" + curKey + ":" + curVal);
        }
    }
}