Github user ctramnitz commented on the issue:
https://github.com/apache/metron/pull/579
8.0 log format is also working now
In the latest two commits I included the changed tests from @justinleet but
changed the expected input from full syslog messages including syslog header
into just the syslog message aka payload.
It is not safe to assume that the previously used syslog header (in old
RFC3164 format) will be used by anyone. Until we have something generic to
(pre-)parse syslog before it reaches the message parser I assumed the messages
will be stripped off the syslog header for now.
This works nicely with the rsyslog config snippet above.
The PR should be ready for prime-time now. Please let me know if anything
else needs to be changed.
---
