Hi list :)
I have a specific scenario that I don't know how to tackle: we're receiving
CEE-formatted logs that we parse with mmjsonparse. How can I use
mmnormalize to parse unstructured text that lives in one variable of the
JSON I get?
For example:
@cee: {"user": "test1", "group": "users", "message": "apples 3"}
And I'd like to get, in the end:
{"user": "test1", "group": "users", "product": "apples", "price": 3}
It sounds like this would be doable if mmnormalize had a "template" option.
I would just feed it with the "message" field. But then, would the
resulting properties overwrite the others (user, group)? It shouldn't,
especially if I set "path" to "$!parsed_fields" or something like that, no?
It's worth double-checking :)
Another, somewhat related question is whether there can be an equivalent of
$!all-json that would contain all variables (JSON + syslog properties).
This would simplify all the rsyslog+Elasticsearch tutorials out there by a
lot. And maybe other outputs that need JSON.
Any thoughts/ideas? I'd appreciate any sort of feedback.
Best regards,
Radu
--
Performance Monitoring * Log Analytics * Search Analytics
Solr & Elasticsearch Support * http://sematext.com/