Handle SDATA in RFC5424 log records
Available in AxoSyslog 4.9 and later.
AxoSyslog FilterX has a few functions to handle the structured data (SDATA) part of RFC5424-formatted log messages. These functions allow you to filter messages based on their SDATA fields.
get_sdata()
Extracts the SDATA part of the message into a two-level dictionary, for example:
{"Originator@6876": {"sub": "Vimsvc.ha-eventmgr", "opID": "esxui-13c6-6b16"}}
filterx {
sdata_json = get_sdata();
};
has_sdata()
Returns true if the SDATA field of the current message is not empty:
filterx {
has_sdata();
};
is_sdata_from_enterprise
Filter messages based on enterprise ID in the SDATA field. For example:
filterx {
is_sdata_from_enterprise("6876");
};
Last modified March 18, 2025: Removes the experimental banner from filterx pages (1ef29e8)