[syslog-ng] (no subject)
Radu Gheorghe
radu.gheorghe at sematext.com
Fri Jul 18 18:58:03 CEST 2014
P.S. Sorry for not adding a subject :( I guess it's too late now...
--
Performance Monitoring * Log Analytics * Search Analytics
Solr & Elasticsearch Support * http://sematext.com/
On Fri, Jul 18, 2014 at 7:57 PM, Radu Gheorghe <radu.gheorghe at sematext.com>
wrote:
> Hi,
>
> This is my first post here, so I have to start by thanking all the
> contributors for an awesome product :)
>
> My question is about adding an array to a JSON document. What I'm trying
> to do is to send a message like this:
>
> @cee: {"message": "test message", "tags":["test", "message"]}
>
> My template looks a like this:
>
> template("@cee: $(format-json --pair message=\"$MSG\" --pair
> tags="test")\n")
>
> This works fine for a single tag, but how can I add multiple ones?
>
> The broader use-case is that I want to add tags to logs matching a
> specific filter. For example:
> ----------------------
> filter user_tests { facility(user) and message(test) };
>
> destination logsene_tests {
> syslog("logsene-receiver-syslog.sematext.com"
> transport("tcp")
> port(514)
> template("@cee: $(format-json --pair message=\"$MSG\" --pair
> tags=\"test\")\n")
> );
> };
>
> log { source(all_syslog); filter(user_tests); destination(logsene_tests);
> flags(final); };
> ----------------------
>
> If there's a better way to add multiple tags to a log, please tell me -
> I'm good with making big changes if it leads to a cleaner/better config.
>
> Best regards,
> Radu
> --
> Performance Monitoring * Log Analytics * Search Analytics
> Solr & Elasticsearch Support * http://sematext.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20140718/6a061b6e/attachment.htm
More information about the syslog-ng
mailing list