Can you show what the properties are for this message? Sent from phone, thus brief.
Am 30.11.2016 20:18 schrieb "[email protected]" <[email protected]>: > Hi > > I'm still not able to get it, and *perhaps reproduced an issue related to > properties not being accessible*... > Consider the following relay.conf: > > global( > MaxMessageSize="32k" > workDirectory="/var/spool/rsyslog" > parser.escapeControlCharactersOnReceive="off" > ) > > template( > name="json" > string="<%pri%>%timestamp:::date-rfc3339% %hostname% > logs/%$!data!group%/%$!data!aapp%: %$!data%" > type="string" > ) > > module(load="omrelp") > ruleset(name="relp") { > set $!data!aapp=field($programname,"/",2); > set $!data!file="$!metadata!filename"; > set $!data!group=field($programname,"/",1); > set $!data!msg=$msg; > action( > action.reportSuspension="on" > action.resumeRetryCount="-1" > port="20514" > queue.maxdiskspace="5M" > queue.SaveOnShutdown="on" > queue.type="LinkedList" > target="server" > template="json" > type="omrelp" > ) > } > ruleset(name="apps") { > call relp > stop > } > > module(load="imfile") > > input(type="imfile" file="/logs/apache/app1/app.log" > tag="group/app1" addMetadata="on" ruleset="apps" > PersistStateInterval="1") > > input(type="imfile" file="/logs/apache/app2/app.log" > tag="group/app2" addMetadata="on" ruleset="apps" > PersistStateInterval="1") > ruleset(name="app_server1") { > set $!data!containerApps="app1,app2"; > call relp > stop > } > > input(type="imfile" file="/logs/server1/app1.log" > tag="group1/server1" addMetadata="on" ruleset="app_server1" > startmsg.regex="^####" readTimeout="5" PersistStateInterval="1") > input(type="imfile" file="/logs/server1/app2.log" > tag="group1/server1" addMetadata="on" ruleset="app_server1" > startmsg.regex="^####" readTimeout="5" PersistStateInterval="1") > > ruleset(name="app_server2") { > set $!data!containerApps="app2,app3"; > call relp > stop > } > input(type="imfile" file="/logs/server2/app2.log" > tag="group2/server2" addMetadata="on" ruleset="app_server2" > startmsg.regex="^####" readTimeout="5" PersistStateInterval="1") > input(type="imfile" file="/logs/server2/app3.log" > tag="group2/server2" addMetadata="on" ruleset="app_server2" > startmsg.regex="^####" readTimeout="5" PersistStateInterval="1") > > > With this configuration I'm getting messages like: > > 200 syslog 911 <133>2016-11-30T20:02:30.210405+01:00 my-rsyslog > logs/group/***FIELD NOT FOUND***: { "aapp": "***FIELD NOT FOUND***", > "file": "\/logs\/apache\/app1\/app.log", "group": "group", "msg": > "17 mar 2016 13:27:28,934 INFO REDACTED..." } > > > Why /aapp/ field isn't found? > > Regards > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
