Signification of fields in an export
Here is a sample of a JSON Pretty Print export :
{
"logs": [
{
"Date": "17:32:19",
"IP": "172.94.165.192",
...
"pmld": 1415982739,
"pml": "92.94.165.192 - - [14\/Nov\/2014:17:32:19 +0100] \"GET \/fonts\/ubuntumono-r-webfont.woff HTTP\/1.1\" 304 - \"http:\/\/demo.pimpmylog.com\/?tz=Europe%2FParis&l=en_GB&w=on&o=&p=&i=apacheaccess&m=10&r=0&s=&n=false\" \"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit\/600.1.25 (KHTML, like Gecko) Version\/8.0 Safari\/600.1.25\" 0\/253",
"pmlo": 20917033
},
...
],
"found": true,
"abort": false,
"regsearch": false,
"search": "",
"full": true,
"lpo": 20914230,
"count": 10,
"bytes": 3444,
"skiplines": 3,
"errorlines": 0,
"fingerprint": "a86fc560228ae1c2551c775db56bd01e",
"lastline": "7efd76bf6e961c3f73983f1d9442891051ddccee",
"duration": 8,
"filesize": 20917686,
"filemodif": "2014\/11\/14 17:32:22",
"filemodifu": "1415982742"
}
logs
This is an array of several log objects.
A log object contains all your defined types and the 3 following values :
logs->pml
This is the raw line for this log.
logs->pmld
This is the epoch time of this log (computed from a field with type date)
logs->pmlo
This is the offset in bytes of this line from the beginning of the log file.
found
true if at least one line of log has been found
abort
true if the log parser has been stopped because of
the timeout
regsearch
true if the provided search expression has been
detected and used as a regular expression
search
The expression or regular expression to filter each line of log
full
Should always be true (use internally to only load
new logs)
lpo
The last offset in bytes handled by the parser
When the log file is totally parsed (from end of file to start),
this value is 1
count
The count of matched and returned lines of log
bytes
The count of bytes parsed by the parser
skiplines
The number of skipped lines of log when filtering with
search (non matching lines)
errorlines
The number of incomprehensible lines
When the parser has read a line, it tries to parse this line with the regex defined in your configuration file. When a line does not match, it increases this value by one.
When using multiline parameter, this value should
always be 0 because unmatched lines are considered as
a part of a multi line field.
fingerprint
This is a hash of all logs.
So if you call a feed URL two times, if this value has changed the second time then you are sure that you have something to do.
If the value has not changed the second time, nothing has changed.
lastline
This is a hash of the newer returned line.
duration
The duration of the parser execution in millisecond
filesize
The size of the whole log file
filemodif
The last modification date of the log file
filemodifu
The last modification date of the log file in an epoch format