Below is an example of how to use the ScriptingAPI. The example does the following:
Counts events going through the filter. Adds a new "eventCount" field to the event.
Retrieves the ev:msg field from the event every 10th event.
Adds a new event with the ev:msg set to: "Event number: <count> Message: <ev:msg from original event>"
Sends this new event to ScriptArchive destination.
from java.lang import Integer;
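# Per-event filter script (Jython). `scriptingAPI` and `currentEvent` are
# supplied by the host filter; nothing in this script defines them.

# Running total of events seen, stored in the script context under "count".
# NOTE(review): this read-increment-write sequence is not atomic; if the host
# can run the filter on more than one thread, increments may be lost -- confirm.
count = scriptingAPI.getContext().get("count")
if count is None:
    # Nothing stored yet: this is the first event the script has counted.
    count = 0
count += 1
scriptingAPI.getContext().put("count", count)

# str() instead of count.toString(): a Python int has no toString() method,
# and str() also works if the context hands back a java.lang.Integer.
currentEvent.getXml().setField("eventCount", str(count))

if count % 10 == 0:
    # Every 10th event, build a summary event and send it to "ScriptArchive".
    ev2 = scriptingAPI.createEvent("host", "app", "log")
    msg = currentEvent.getXml().getPropertyValue("ev:msg")
    if msg is None:
        msg = ""
    # NOTE(review): ev:msg is copied from the incoming event unmodified, so
    # whatever the log source wrote ends up in the archived event; consumers
    # of ScriptArchive should treat the "Message:" part as untrusted text.
    # NOTE(review): on Jython 2.x, str() of a non-ASCII unicode value raises
    # UnicodeEncodeError -- confirm how the host returns ev:msg.
    # No leading space, so the text matches the documented
    # "Event number: <count> Message: <msg>" format.
    ev2.getXml().setField(
        "ev:msg", "Event number: " + str(count) + " Message: " + str(msg)
    )
    scriptingAPI.insertEvent(ev2, "ScriptArchive")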
importPackage(java.lang);
// Per-event filter script (JavaScript). `scriptingAPI` and `currentEvent` are
// supplied by the host filter; `Integer` comes from the java.lang package
// import at the top of the script.

// Running total of events seen, stored in the script context under "count".
// NOTE(review): the get / increment / put sequence is not atomic; if the host
// can run the filter on more than one thread, increments may be lost -- confirm.
stored = scriptingAPI.getContext().get("count");
// Start from a Java Integer zero when nothing is stored, so that intValue()
// is available on both the first and later runs.
total = (stored == null ? new Integer(0) : stored).intValue() + 1;
scriptingAPI.getContext().put("count", total);

// Tag the event being filtered with its sequence number.
currentEvent.getXml().setField("eventCount", total.toString());

if (total % 10 == 0) {
    // Every 10th event, build a summary event and send it to "ScriptArchive".
    summary = scriptingAPI.createEvent("host", "app", "log");
    text = currentEvent.getXml().getPropertyValue("ev:msg");
    if (text == null) {
        text = "";
    }
    // NOTE(review): ev:msg is copied from the incoming event unmodified;
    // consumers of ScriptArchive should treat the "Message:" part as
    // untrusted text.
    summary.getXml().setField("ev:msg", "Event number: " + total + " Message: " + text);
    scriptingAPI.insertEvent(summary, "ScriptArchive");
}
// Per-event filter script. `scriptingAPI` and `currentEvent` are supplied by
// the host filter; nothing in this script defines them.

// Running total of events seen, stored in the script context under "count".
// NOTE(review): the get / increment / put sequence is not atomic; if the host
// can run the filter on more than one thread, increments may be lost -- confirm.
count = scriptingAPI.getContext().get("count");
if (count == null) {
    // Nothing stored yet: start counting from zero.
    count = 0;
}
count = count + 1;
scriptingAPI.getContext().put("count", count);

// Tag the event being filtered with its sequence number.
currentEvent.getXml().setField("eventCount", count.toString());

if (count % 10 == 0) {
    // Every 10th event, build a summary event and send it to "ScriptArchive".
    summary = scriptingAPI.createEvent("host", "app", "log");
    text = currentEvent.getXml().getPropertyValue("ev:msg");
    if (text == null) {
        text = "";
    }
    // NOTE(review): ev:msg is copied from the incoming event unmodified;
    // consumers of ScriptArchive should treat the "Message:" part as
    // untrusted text.
    summary.getXml().setField("ev:msg", "Event number: " + count + " Message: " + text);
    scriptingAPI.insertEvent(summary, "ScriptArchive");
}