Forwarding windows events using NXLog to JSON format. The problem is that now and then, the JSON message becomes too large/long for the receiving system.
Is there a way to limit/truncate the JSON outputted from NXLog without breaking the JSON?
I have tried to work only on the $Message part, here trying to truncate it at 20 characters... but that doesn't work (infinite loop).
Exec $Message =~ s/^(.{1,20}).*$/$1/g;
This is usually caused by $Message (or $raw_event) being too large like you said.
Instead of a regexp I suggest using the substr() function to truncate the data:
Exec $Message = substr($Message, 0, 20);