Hello, I am collecting syslog messages in format RFC5424 sent via rsyslog, I haven't been able so far to find a way to set the severity level directly from rsyslog, so I'd like to see if it's possible/easier in graylog. The lines in the file are like this
2016-03-10 07:01:09,778 INFO [taskname] long description 1 > 2016-03-10 07:01:09,784 DEBUG [taskname] long description 2 > Basically I'd like to extract the following - Time can be removed (already got it from syslog) - Level should should be converted from log4j levels (DEBUG, INFO, NOTICE, WARNING, ERROR, CRITICAL, ALERT, EMERG) into syslog names or levels (0-7) - Appname extracted from [] Is that possible to do? I found out the following, - In the level extraction I can simple extract the level from the original logs, but it won't be in numeric format, how could I convert from one to the other? None of the default converters seem to be appropiate for this. - In the message field the information I extracted is still shown, (even if in the filter is selected to cut), I don't know if it's expected or a bug in the alpha5 version I'm using. I'd expect not having the file timestamp in the message, but it's there. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/b7cb9515-6fda-4d86-bb17-14616d8c2c92%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
