You can configure parsers for both FileLog and WinLog collectors.

Prerequisites

For the vRealize Log Insight Linux Agent:
  • Log in as root or use sudo to run console commands.
  • Log in to the Linux machine on which you installed the Log Insight Linux Agent, open a console and run pgrep liagent to verify that the Log Insight Linux Agent is installed and running.
For the vRealize Log Insight Windows Agent:
  • Log in to the Windows machine on which you installed the Log Insight Windows Agent and start the Services manager to verify that the vRealize Log Insightt service is installed.

Procedure

  1. Navigate to the folder containing the liagent.ini file.
    Operating System Path
    Linux /var/lib/loginsight-agent/
    Windows %ProgramData%\VMware\Log Insight Agent
  2. Open the liagent.ini file in any text editor.
  3. To configure a specific parser, define a parser section. [parser|myparser]

    Where myparser is an arbitrary name of the parser which can be referred from log sources. Parser section should refer to any built in (or any other defined) parser and configure that parser’s mandatory options and non-required options if needed.

    For example, base_parser=csv shows that myparser parser is derived from built-in parser csv. It expects that input logs consist of two fields which are separated with a semicolon.
    [parser|myparser] base_parser=csv fields=field_name1,field_name2 delimiter=“;”
  4. After defining myparser, refer to it from log sources winlog or filelog.
    [filelog|some_csv_logs] directory=D:\Logs include=*.txt;*.txt.* parser=myparser
    The logs collected from some_csv_logs sources, for example from the D:\Logs directory, are parsed by myparser and extracted events appear on the server as field_name1 and field_name2 respectively.
    Note: The static logs in the D:\Logs directory are not get pulled into vRealize Log Insight by the agent. However, new files that are created in the D:\Logs directory are available in vRealize Log Insight.
  5. Save and close the liagent.ini file.