TechQA.

NXLog and long messages

1.2k views Asked by At

Forwarding windows events using NXLog to JSON format. The problem is that now and then, the JSON message becomes too large/long for the receiving system.

Is there a way to limit/truncate the JSON outputted from NXLog without breaking the JSON?

I have tried to work only on the $Message part, here trying to truncate it at 20 characters... but that doesn't work (infinite loop).

Exec $Message =~ s/^(.{1,20}).*$/$1/g;

nxlog
Original Q&A
1

There are 1 answers

1
b0ti On BEST ANSWER

This is usually caused by $Message (or $raw_event) being too large like you said. Instead of a regexp I suggest using the substr() function to truncate the data:

Exec $Message = substr($Message, 0, 20);

Related Questions in NXLOG

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions