Doc tweaks

2014-07-31 08:20:18 -04:00
parent 25b218b926
commit f7bcc4bfa6
2 changed files with 47 additions and 18 deletions
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ The current supported Input format sources are:
 1. [Logs](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/Logs.md) (Files, a.k.a Tailing a file)
 2. [Tcp](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/TcpInput.md) (listens on a port for JSON messages)
 3. [IISW3C](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/IISW3CInput.md)(Internet Information Services W3C Format)
- 4. [WindowsEvents](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/WindowsEvents.md)
+ 4. [WindowsEvents](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/WindowsEvents.md) (Windows Event Viewer)

 ## Filters
 The current list of supported filters are:
@@ -47,19 +47,48 @@ TimberWinR reads a JSON configuration file, an example file is shown here:
            }
        ]
    },
+    "Filters": [          
+        {
+            "grok": {
+                "condition": "[type] == \"Win32-Eventlog\"",
+                "match": [
+                    "Message",
+                    ""
+                ],                   
+                "remove_field": [
+                    "ComputerName"                   
+                ]
+            }
+        }
+    ],
    "Outputs": {
        "Redis": [
            { 
+                "_comment": "Shuffle these hosts",
                "host": [
-                    "server1.host.com"
+                   "server1.host.com", 
+                   "server2.host.com"
                ]
            }
        ]
    }
 }
 ```
-This configuration collects Events from the Windows Event Logs (System, Application) and forwards them
-to Redis.
+This configuration:
+ 1. Inputs: Events from the Windows Event Logs (System, Application)
+ 2. Filters: Removes the ComputerName field
+ 3. Sends the event to Redis services (server1.host.com, server2.host.com) in a shuffling manner (balanced).
+
+## Installation
+You must first install LogParser, then install TimberWinR.   Install LogParser from here:
+
+[Install LogParser](http://www.microsoft.com/en-us/download/details.aspx?id=24659) from Microsoft.
+
+After installing, follow the remaining directions here.
+## Running Interactively
+```
+TimberWinR.ServiceHost.exe -configFile:myconfig.json -logLevel:Debug
+```

 ## Installation as a Windows Service
 TimberWinR uses [TopShelf](http://topshelf-project.com/) to install as a service, so all the documentation
--- a/TimberWinR.ServiceHost/config.json
+++ b/TimberWinR.ServiceHost/config.json
@@ -15,18 +15,6 @@
                }
            ]
        },
-        "Outputs": {
-            "Redis": [
-                { 
-                    "threads":  1,   
-                    "interval": 5000, 
-                    "batch_count":  500,              
-                    "host": [
-                        "tstlexiceapp006.vistaprint.svc"
-                    ]
-                }
-            ]
-        },
        "Filters": [          
            {
                "grok": {
@@ -92,6 +80,18 @@
                    ]
                }                
            }           
+        ],
+        "Outputs": {
+            "Redis": [
+                { 
+                    "threads":  1,   
+                    "interval": 5000, 
+                    "batch_count":  500,              
+                    "host": [
+                        "tstlexiceapp006.vistaprint.svc"
+                    ]
+                }
            ]
        }       
    }
+}