On Fri, 24 Feb 2017, matthew.gaetano wrote:
Interesting, didn't think of that. I thought exec_template was only good for
formatting a single variable, per say changing the timestamp format. Though
i suppose you could populate a variable with the result of the variables
using it; if you wanted th
Interesting, didn't think of that. I thought exec_template was only good for
formatting a single variable, per say changing the timestamp format. Though
i suppose you could populate a variable with the result of the variables
using it; if you wanted the entire current set of variables, wouldn't tha
te: Fri, 24 Feb 2017 13:21:23 -0700 (MST)
From: matthew.gaetano
Reply-To: rsyslog-users
To: rsyslog@lists.adiscon.com
Subject: Re: [rsyslog] Send logs in JSON format to Elasticsearch
Just an FYI: mmnormalize can only take the rawsg or msg rsyslog properties.
However there is a undocumented option c
Just an FYI: mmnormalize can only take the rawsg or msg rsyslog properties.
However there is a undocumented option called "variable" that allows you to
instead pass any variable including JSON properties and locally defined.
This how we solved the issue as per David's suggestions/comments.
On Thu, 23 Feb 2017, Alec Swan via rsyslog wrote:
Liblognorm v2 supports json parser but it looks like it cannot be applied
to the entire log message, which is sad.
sure it can.
you can configure mmnormalize to pass $msg to the parser engine, $rawmsg, or
$!whatever.
If your messages arrive
For some reason I stopped receiving emails from the mailing list even
though I can see them in the archive.
In response to Dave and Mostolog, each log line is a valid JSON and I would
really prefer to only rely on liblognorm for parsing and not depend on
mmjsonparse. Besides reluctance of installi
lognorm has the json type that you can use to extract json from the message, or
if the message is all json you can use mmjsonparse.
if you aren't already using the version=2 features, you should really take a
look at them, there is a lot of new capabilities in recent versions.
David Lang
El
I dont know if this is what you are talking
http://www.rsyslog.com/doc/master/configuration/modules/mmjsonparse.html
BTW: whats your rsyslog omelasticsearch index rate?
Last test I made (with a basic configuration) we got ~10k/min only with
latest ES version (perhaps its not fully compatible).
Hi there,
We've been using librlognorm templates to parse log files and send their
content to Elasticsearch as JSON. At this point we need to parse logs that
are already in JSON format. So, I am wondering if there is a way to write a
liblognorm template that would create a JSON object from each lo
9 matches
Mail list logo
