Rules are applied in ascending order, defined by their numeric key, and nesting is fully supported.
Note that the numeric key may contain fractional numbers (e.g. "14.8"), which makes it very easy to insert new rules between existing ones.
Your event is expected to contain all required event has to include a Host and Date entry to be accepted. For it to be usable in the GUI it also at a minimum needs an "event" property. We recommend it includes further details per this page, event properties.
opEvents 2.0.6 and newer ships with complete generic parser rules for parsing Cisco syslogs (log format type "
cisco_alternate") and SNMP trap logs (log format type "
traplog"), plus other syslog, nxlog parsers for various vendors such as Huawei, Juniper, Microsoft, these can be extended and new entries can be contributed via firstname.lastname@example.org .