[syslog-ng] Is it possible to append a new jSON field?
Scheidler, Balázs
balazs.scheidler at balabit.com
Mon Sep 5 12:44:16 CEST 2016
I think Fabien is right, but maybe some more hints could help you. So, yes,
json-parser() is responsible for parsing messages out-of your log file, it
simply sets a number of name-value pairs based on the input.
log {
source {
file("/var/log/app.log");
};
parser { json-parser(); };
destination { tcp("logcollector" template(""$(format-json --pair
newfield=\"value\")")); };
};
If you don't want to specify template towards your log collector
explicitly, you can also rewrite the $MSG name-value pair:
rewrite { set("$(format-json --pair newfield=\"value\")" value('MSG')); };
This way, your collector destination may find a properly json formatted
message that it can send out without using a specific template string.
--
Bazsi
On Sun, Sep 4, 2016 at 2:42 AM, Jorge Pereira <jpereiran at gmail.com> wrote:
> Hi team,
>
> Currently, I receive a jSON log from X, but I would like to append a
> new field. is it possible?
>
> e.g: I am trying to do something like:
>
> log {
> source {
> file("/var/log/app.jsonlog"
> program_override("ng_app")
> follow_freq(1)
> flags(no-parse)
> template("$(format-json --pair newfield=\"value\")");
> );
> };
>
> destination(d_remote_collector);
> };
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160905/984a7ced/attachment.htm
More information about the syslog-ng
mailing list