Configuring the extractor component for a rules-based parser

In a rules-based log parser, the role of the extractor is to take a collection of input lines provided by the sensor and separate these into message boundaries.

To configure the extractor, you need to first determine the extractor class to use. Then you can configure the Extractor rules based on the selected extractor class.

Configuring the Extractor class

The default extractor class used is a regular expression extractor. You can change the extractor class by modifying the Extractor component in the Contexts section of the Adapter Configuration file.

  1. In the Adapter Configuration Editor, expand the node Contexts > Basic Context Implementation.
  2. Select Regular Expression Extractor. The Extractor properties are displayed in the right pane: name, description, executable class, implementation creation date, implementation version, implementation version description, logging level, role, role creation date, role version, role version description, and unique ID. You can ignore everything except the Executable class property.
  3. Update the Executable class to the class you want to use. For information about the extractor classes provided by Generic Log Adapter, refer to the Adapter Configuration File structure reference document.
  4. Save the adapter configuration file changes.

Configuring the Extractor rules

Once you determine which extractor class to use, you can write corresponding rules for the extractor in the context instance.

  1. In the left pane of the Adapter Configuration Editor, select Configuration > Context Instance > Extractor. The right pane displays the extractor information.

  2. If the log file contains records that span multiple lines in the file, select the Contains line breaks check box. Do not select this check box if each line in the log file is a separate record or if there are no line breaks in the log file.
  3. If you want to replace the line breaks with an alternative symbol, select Replace line breaks, and type the symbol in the Line Break Symbol field.
    Note: The side effect of using this option is that the values parsed from the log file will not contain line breaks unless explicitly added by the parser substitution rules.
  4. Write a script fragment in the Start Pattern field to identify the start pattern. The default regular expression is the caret (^) symbol, which is a null token matching the beginning of a string or line.
  5. To include the start pattern in the result, check the Include Start Pattern check box.
  6. Write a script fragment in the End Pattern field to identify the end pattern. The default regular expression is the dollar ($) symbol, which is a null token matching the end of a string or line.
  7. To include the end pattern in the result, select the Include End Pattern check box.
    Hint: To help you with identifying the start and end patterns, click the Re-run icon, then click the Show log icon. The log content that has been read by the sensor is shown in the Sensor Result view.
  8. Two optional properties that can be added to provide log record filtering in the extractor are the filter and filterExitClass properties. To configure these properties:
    1. Select Configuration > Context Instance > Extractor.
    2. Right-click on the extractor to bring up the pop-up menu. Select Add > Property. The right pane refreshes with fields to enter the property name and value.
    3. Type the name and value of the property.
  9. Save the adapter configuration file to apply changes.
  10. To test your rules, click the Re-run adapter icon to run the adapter. The results will be shown in the Extractor Result view.
    Hint: You can specify the number of the record that you want to start viewing from. Use the drop down available from the Re-run adapter icon and select Start from record. This will open up a dialog that allows you to specify a record number to start from.
  11. Click the Show Next Event icon to see each of the log records that have been processed by the extractor rules you have written.
    Hint: To change the number of result entries that are available for viewing, click the Generic Log Adapter preferences icon to launch the preferences page. Once the preferences page launches, update the buffer size.

For a detailed description of extractor properties, see the Adapter Configuration File structure reference document.
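
The following Python sketch is an added illustration, not code from Generic Log Adapter. It models how the Contains line breaks, Line Break Symbol, Start Pattern and Include Start Pattern settings from steps 2 to 5 shape record boundaries. The function name, the sample log lines, the start pattern and the grouping behaviour (a record runs until the next start match, with the End Pattern left at its default) are assumptions made for the example.

```python
import re

# Constructed sample input (not from a real system): one multi-line record
# followed by a single-line record.
SAMPLE_LINES = [
    "2024-05-01 10:00:01 ERROR login failed for user=alice",
    "java.lang.IllegalStateException: session store unavailable",
    "    at example.Auth.check(Auth.java:42)",
    "2024-05-01 10:00:02 INFO  login ok for user=bob",
]
# Hypothetical start pattern matching the timestamp prefix of the sample.
START_PATTERN = r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "


def extract_records(lines, start_pattern=r"^", contains_line_breaks=False,
                    line_break_symbol=None, include_start=True):
    """Simplified model of the extractor settings described above.

    Assumption: a record runs from a line matching start_pattern up to the
    line before the next match; the End Pattern stays at its default.
    """
    if not contains_line_breaks:
        # Every input line is treated as its own record.
        return list(lines)
    start = re.compile(start_pattern)
    records, current = [], None
    for line in lines:
        match = start.search(line)
        if match:
            if current is not None:
                records.append(current)
            # Optionally drop the matched start text from the record.
            first = line if include_start else line[:match.start()] + line[match.end():]
            current = [first]
        elif current is not None:
            current.append(line)  # continuation line of the open record
        # Lines seen before the first start match are discarded.
    if current is not None:
        records.append(current)
    # Join with the replacement symbol, or keep the original line breaks.
    sep = "\n" if line_break_symbol is None else line_break_symbol
    return [sep.join(parts) for parts in records]


if __name__ == "__main__":
    for rec in extract_records(SAMPLE_LINES, START_PATTERN,
                               contains_line_breaks=True, line_break_symbol=" | "):
        print(repr(rec))
```

With contains_line_breaks left off, the same input yields four records, so the stack trace lines are detached from the event that produced them.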

The next step in creating a rule-based adapter is to configure the parser component.
