[syslog-ng] Is it possible to append a new jSON field?

Jorge Pereira jpereiran at gmail.com
Mon Sep 5 22:07:38 CEST 2016 

Thanks so much, appreciate your help!

--
Jorge Pereira

On Mon, Sep 5, 2016 at 7:44 AM, Scheidler, Balázs <
balazs.scheidler at balabit.com> wrote:

> I think Fabien is right, but maybe some more hints could help you. So,
> yes, json-parser() is responsible for parsing messages out-of your log
> file, it simply sets a number of name-value pairs based on the input.
>
> log {
>   source {
>     file("/var/log/app.log");
>   };
>   parser { json-parser(); };
>   destination { tcp("logcollector" template(""$(format-json --pair
> newfield=\"value\")")); };
>
> };
>
> If you don't want to specify template towards your log collector
> explicitly, you can also rewrite the $MSG name-value pair:
>
> rewrite { set("$(format-json --pair newfield=\"value\")" value('MSG')); };
>
> This way, your collector destination may find a properly json formatted
> message that it can send out without using a specific template string.
>
>
> --
> Bazsi
>
> On Sun, Sep 4, 2016 at 2:42 AM, Jorge Pereira <jpereiran at gmail.com> wrote:
>
>> Hi team,
>>
>>    Currently, I receive a jSON log from X, but I would like to append a
>> new field. is it possible?
>>
>> e.g: I am trying to do something like:
>>
>> log {
>>     source {
>>       file("/var/log/app.jsonlog"
>>         program_override("ng_app")
>>         follow_freq(1)
>>         flags(no-parse)
>>         template("$(format-json --pair newfield=\"value\")");
>>       );
>>     };
>>
>>     destination(d_remote_collector);
>> };
>>
>> ____________________________________________________________
>> __________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=
>> syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160905/8011b31a/attachment.htm

More information about the syslog-ng mailing list