I'm trying to join the date+time fields from the IIS log into the EventTime field for logstash digestion. This is my nxlog.conf file:
<Input iis1>
#drop comment lines, join the date+time fields into an EventTime field, convert to json
Module im_file
File 'C:\inetpub\logs\LogFiles\W3SVC2\u_ex*.log'
ReadFromLast TRUE
Exec if $raw_event =~ /^#/ drop(); \
else \
{ \
w3c->parse_csv(); \
$EventTime = parsedate($date + " " + $time); \
to_json (); \
}
</Input>
This is the error I get:
2013-07-22 06:11:29 ERROR if-else failed at line 51, character 391 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; procedure 'parse_csv' failed at line 51, character 228 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; invalid modifier: '-'
I'm not sure how else I can go about dealing with the date+time field. Any alternative or suggestions are welcome. Thanks!
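The transformation the config above is meant to perform (drop `#` lines, join date and time into EventTime, emit JSON), as an added Python example that is not part of the original post or of nxlog. The field list, the `INT_FIELDS` set and the sample lines are constructed assumptions; the point it shows is that `-`, the placeholder IIS writes for an empty field, has to be mapped to "no value" before any typed conversion.

```python
import json
from datetime import datetime, timezone

# Constructed sample in IIS W3C extended format (not taken from the original post).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2013-07-22 06:11:29
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status time-taken
2013-07-22 06:11:29 10.0.0.5 GET /index.html - 80 - 10.0.0.9 200 15
2013-07-22 06:11:31 10.0.0.5 POST /login.aspx id=7 80 - 10.0.0.9 302 -
"""

INT_FIELDS = {"s-port", "sc-status", "time-taken"}  # assumed typed columns


def parse_w3c(lines):
    """Yield one dict per request line, using the most recent #Fields header."""
    fields = []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#"):
            continue  # other directives carry no request data
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed line: skip rather than mis-map columns
        event = {}
        for name, value in zip(fields, values):
            if value == "-":
                event[name] = None  # "-" means no value; never feed it to int()
            elif name in INT_FIELDS:
                event[name] = int(value)
            else:
                event[name] = value
        # IIS writes W3C date and time in UTC; join them into one timestamp.
        stamp = datetime.strptime(event.pop("date") + " " + event.pop("time"),
                                  "%Y-%m-%d %H:%M:%S")
        event["EventTime"] = stamp.replace(tzinfo=timezone.utc).isoformat()
        yield event


def to_json_lines(text):
    """Return one JSON document per request line in the log text."""
    return [json.dumps(e, sort_keys=True) for e in parse_w3c(text.splitlines())]


if __name__ == "__main__":
    print("\n".join(to_json_lines(SAMPLE_LOG)))
```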