flume-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Lord <jl...@cloudera.com>
Subject Re: Flume Syslog source
Date Thu, 16 Oct 2014 04:52:06 GMT
You can also use a regex interceptor to extract hostname from the message
(assuming it's there) and put that in an event header. From there you can
route and create partitions with the header.

On Wednesday, October 15, 2014, Hari Shreedharan <hshreedharan@cloudera.com>
wrote:

> The Multiport syslog source can add the port number on which the data was
> received to the event headers. You can use with a multiplexing channel
> selector to separate this to different channels.
>
> Thanks,
> Hari
>
>
> On Wed, Oct 15, 2014 at 9:45 PM, Sharninder <sharninder@gmail.com
> <javascript:_e(%7B%7D,'cvml','sharninder@gmail.com');>> wrote:
>
>> Hi Guys,
>>
>> I'm trying to implement a system to archive syslogs using flume. I've
>> played around with it a bit but haven't really been able to figure out a
>> way to segregate logs according to the host they're coming from? Is there a
>> way for me to add the hostname to the event header somehow? I can then use
>> either an interceptor to read the header or even a custom sink to deal with
>> events based on the hostname.
>>
>> --
>> Sharninder
>>
>>
>

Mime
View raw message