[syslog-ng] Change JSON Format

[Scheidler, Balázs]

Hi,

format-json uses the value-pairs syntax, and I agree that the docs is not
very clear on that. Here's the right section:

http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html-single/index.html#options-value-pairs


 You can rename stuff using the --pair argument:

$(format-json --pair name=$VALUE

macro resolution is possible after the equal sign, in fact it is a complete
template, that may again contain template functions and such. You might
even be interested in rekey() where you can apply simple transformation on
key names automatically:

$(format-json --rekey .cee.* --add-prefix events.)

Hope this helps,


-- 
Bazsi

On Wed, Jan 28, 2015 at 10:02 AM, Daniel Neubacher <
daniel.neubacher at xing.com> wrote:

>  Hey there,
>
> right now I’m playing around with different json shippers for log files
> and I’m a bit lost with syslog-ng. I’ve read the docs but I still don’t
> know how to change the json Fields syslog-ng sends out. In order to get my
> new Installation approved I have to keep the old field names in mind, for
> example syslog sends out HOST_FROM but I  need source_host. Right now
> logstash/mutate does the renaming but I don’t like to waste performance
> there.
>
>
>
> My destination:
>
> destination d_logstash_syslog_syslog_new {tcp("consumer.foo.bar"
> port(6002) template("$(format-json --scope selected_macros --scope
> nv_pairs)\n") );};
>
>
>
>
>
> Thanks in advance
>
> Daniel
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150128/23f0d82d/attachment.htm