[syslog-ng] Check if field in message and use default if not.

[Péter, Kókai]

Hello,

You could use rewrite rule for this, but in fact macro expansion is capable
to solve your problem: `${.cake:-no-cake}` where if `.cake` exists uses its
value, otherwise the string after `:-`

@version: 3.20

log {
        source { stdin(flags(no-parse)); };
        parser { kv-parser(prefix(".")); };
        rewrite { set("[${.cake:-no-cake}]" value("MESSAGE")); };
        #destination { file("/dev/stdout"
template("${.cake:-undefined}\n")); };
        destination { file("/dev/stdout"); };
};

As the result you could either use rewrite/set to add the value to the msg
itself (other destination/parser/filter could use it), or you could just
use it directly in the destination macro expansion.
It really depends on your setup which place you should prefer.

--
Kokan


On Tue, Mar 5, 2019 at 12:56 AM Ronald Fenner <rfenner at gamecircus.com>
wrote:

>
> I generate a Kafka topic to send the message to by doing:
> topic("${topic}.${environment}")
> What I'd like to do if the field wasn't in the json message to provide a
> default value.
>
> Im looking for like a tertiary operator to use In the topic or perhaps a
> rewrite rule.
>
> I see the conditional expressions but from the docs it doesn't look like I
> can use it in the topic or a rewrite rule
> NOTE: My messages are json stings that get parsed and then imploded back
> to json as it's sent.
>
> Thanks
>
> Ronald Fenner
> Network Architect
> Game Circus LLC.
>
> rfenner at gamecircus.com
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190305/d17e44cb/attachment.html>