7.5.8

As of version 7.5.8, 8.1.4 and the soon to be released 7.6.0, there is a new function available. You can now fill variables with dynamic data through a template. The new function is called exec_template.

Basically, you will set a variable with either a static value or from a given property as described before. But there are cases, where this is not appropriate. For example, if you want to filter for some specific data from $msg, but cannot use the filter on the whole property because of possible multiple occurences. Please note, that the following is just a basic example and exec_template can be used for a large variety of other cases as well.

First, we need to define a template. In our case, we want to extract a specific field from the $msg property.

template(name="extract" type="string" string="%msg:F:5%")

If this template was used to write to a file, the output would resemble the fifth field from a TAB delimited log message. This could also be more specific to extract only specific characters from a field, delimited by other characters than TAB. Or you could even use complex regex functions in the template to extract the data you want.

Now we need to fill a custom variable. This is where exec_template will be used.

set $!xyz = exec_template("extract");

Instead of a already known value or property name, we call the function and give it the template that should be executed. This will result in the variable being filled with the content of the fifth field from %msg property. Now you can use this variable for filters or even other templates. Here are some examples:

if $!xyz contains 'abc' then {action()}

template(name="DynaFile" type="string" string="/var/log/%$!xyz%-data/%timereported%-%$!xyz%.log")

As you can see there are many useful possibilities and using exec_template is rather easy.

If you have additional ideas for use-cases that should be described, please let us know.