Christian Haudum
Christian Haudum
If you don't need to parse **all** key value pairs of the extension field, it may be relatively easy: ``` {filename="/var/log/cef.log"} |= "cat=Discovery" | pattern `CEF:|||||||` | label_format original=`CEF:{{.v}}|{{.vendor}}|{{.product}}|{{.version}}|{{.signature}}|{{.name}}|{{.severity}}|{{.extension}}` |...
> Though I think it does show why a dedicated `cef` parser would be useful :) Agree, a dedicated parser would be more useful. If we wanna do this, we'll...
Thanks @unawarez for looking into this again! > Closing the pipes also meant they couldn't be persisted in the streams map. Without that, it might be worth directly using the...
Seems that we agreed that we want to disable the profiling endpoints by default, so basically good to go. However, regarding the configuration parameter naming, I would want to change...
> This looks awesome! > > What do you think about renaming `IdempotentKey` to just `ID` or `RequestID`? `IdempotentKey` is really specific to what we're accomplishing. If it were renamed,...
@btaani Thanks for addressing all the comments! 🙌 I gave an additional test case which I expect not to fail. The one thing I am a bit worried about are...
I tried to reproduce this but I could not. Are you sure you start the `promtail` with the same user, or in the same terminal session where you export the...
I've been testing UDP using `rsyslog` and the following configuration: ``` module(load="omprog") module(load="mmutf8fix") action(type="mmutf8fix" replacementChar="?") *.* action(type="omfwd" protocol="udp" target="" port="514" Template="RSYSLOG_SyslogProtocol23Format") ``` With this configuration Promtail receives the logs and...
> @chaudum thank you for looking into it, I can confirm that your script works indeed, removing newline breaks it. Unfortunately our switches do not add new line at the...
@sandeepsukhani Do you wanna update this PR?