Mailing-List: contact user-help@flume.apache.org; run by ezmlm
Precedence: bulk
Reply-To: user@flume.apache.org
Received-SPF: pass (athena.apache.org: domain of jlord@cloudera.com designates
 209.85.216.178 as permitted sender)
MIME-Version: 1.0
In-Reply-To: <1413434829172.0ad74266@Nodemailer>
References: 
 <CAACPw8C5WGrk4JHaRvY2cOEmT0enA_n0H6a8p4LegDdrfSs-_A@mail.gmail.com>
	<1413434829172.0ad74266@Nodemailer>
Date: Wed, 15 Oct 2014 21:52:06 -0700
Message-ID: 
 <CAJmzdX=SjzGaTzD-_de33SNL1sU52aSj7vce0s4U4NwZG7jHrA@mail.gmail.com>
Subject: Re: Flume Syslog source
From: Jeff Lord <jlord@cloudera.com>
To: "user@flume.apache.org" <user@flume.apache.org>
Content-Type: multipart/alternative; boundary=001a11c12e649b6d1405058302a7

--001a11c12e649b6d1405058302a7
Content-Type: text/plain; charset=UTF-8

You can also use a regex interceptor to extract hostname from the message
(assuming it's there) and put that in an event header. From there you can
route and create partitions with the header.

On Wednesday, October 15, 2014, Hari Shreedharan <hshreedharan@cloudera.com>
wrote:

> The Multiport syslog source can add the port number on which the data was
> received to the event headers. You can use with a multiplexing channel
> selector to separate this to different channels.
>
> Thanks,
> Hari
>
>
> On Wed, Oct 15, 2014 at 9:45 PM, Sharninder <sharninder@gmail.com
> <javascript:_e(%7B%7D,'cvml','sharninder@gmail.com');>> wrote:
>
>> Hi Guys,
>>
>> I'm trying to implement a system to archive syslogs using flume. I've
>> played around with it a bit but haven't really been able to figure out a
>> way to segregate logs according to the host they're coming from? Is there a
>> way for me to add the hostname to the event header somehow? I can then use
>> either an interceptor to read the header or even a custom sink to deal with
>> events based on the hostname.
>>
>> --
>> Sharninder
>>
>>
>

--001a11c12e649b6d1405058302a7
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

You can also use a regex interceptor to extract hostname from the message (=
assuming it&#39;s there) and put that in an event header. From there you ca=
n route and create partitions with the header.<span></span><br><br>On Wedne=
sday, October 15, 2014, Hari Shreedharan &lt;<a href=3D"mailto:hshreedharan=
@cloudera.com">hshreedharan@cloudera.com</a>&gt; wrote:<br><blockquote clas=
s=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;pad=
ding-left:1ex">
<span><div>The Multiport syslog source can add the port number on which the=
 data was received to the event headers. You can use with a multiplexing ch=
annel selector to separate this to different channels.</div></span><div>
<br>Thanks,<br>Hari</div>
<br><br><div class=3D"gmail_quote"><p>On Wed, Oct 15, 2014 at 9:45 PM, Shar=
ninder <span dir=3D"ltr">&lt;<a href=3D"javascript:_e(%7B%7D,&#39;cvml&#39;=
,&#39;sharninder@gmail.com&#39;);" target=3D"_blank">sharninder@gmail.com</=
a>&gt;</span> wrote:<br></p><blockquote class=3D"gmail_quote" style=3D"marg=
in:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"=
>
<div>Hi Guys,<br><br>I&#39;m trying to implement a system to archive syslog=
s using flume. I&#39;ve played around with it a bit but haven&#39;t really =
been able to figure out a way to segregate logs according to the host they&=
#39;re coming from? Is there a way for me to add the hostname to the event =
header somehow? I can then use either an interceptor to read the header or =
even a custom sink to deal with events based on the hostname.<br><br>--<br>=
</div>Sharninder<br><br></div></blockquote></div><br></blockquote>

--001a11c12e649b6d1405058302a7--