1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.2.
.TH LOGNORMALIZER "1" "June 2022" "lognormalizer 2.0.6" "User Commands"
.SH NAME
lognormalizer \- test and debug liblognorm rulebases
.SH OPTIONS
.HP
\fB\-r\fR<rulebase> Rulebase to use. This is required option
.TP
\fB\-H\fR
print summary line (nbr of msgs Handled)
.TP
\fB\-U\fR
print number of unparsed messages (only if non\-zero)
.HP
\fB\-e\fR<json|xml|csv|cee\-syslog|raw>
.IP
Change output format. By default, json is used
Raw is exactly like the input. It is useful in combination
with \fB\-p\fR/\-P options to extract known good/bad messages
.TP
\fB\-E\fR<format>
Encoder\-specific format (used for CSV, read docs)
.TP
\fB\-T\fR
Include 'event.tags' in JSON format
.HP
\fB\-oallowRegex\fR Allow regexp matching (read docs about performance penalty)
.TP
\fB\-oaddRule\fR
Add a mockup of the matching rule.
.HP
\fB\-oaddRuleLocation\fR Add location of matching rule to metadata
.HP
\fB\-oaddExecPath\fR Add exec_path attribute to output
.HP
\fB\-oaddOriginalMsg\fR Always add original message to output, not just in error case
.TP
\fB\-p\fR
Print back only if the message has been parsed successfully
.TP
\fB\-P\fR
Print back only if the message has NOT been parsed successfully
.TP
\fB\-L\fR
Add source file line number information to unparsed line output
.TP
\fB\-t\fR<tag>
Print back only messages matching the tag
.TP
\fB\-v\fR
Print debug. When used 3 times, prints parse DAG
.TP
\fB\-V\fR
Print version information
.TP
\fB\-d\fR
Print DOT file to stdout and exit
.HP
\fB\-d\fR<filename> Save DOT file to the filename
.HP
\fB\-s\fR<filename> Print parse dag statistics and exit
.HP
\fB\-S\fR<filename> Print extended parse dag statistics and exit (includes \fB\-s\fR)
.HP
\fB\-x\fR<filename> Print statistics as dot file (called only)
|
