Hey guys, I am trying to inject some structured data before forwarding my logs with rsyslog (version is 5.8 but I think I can upgrade if this is not possible with this version) to Graylog.
I am trying to play with the template in /etc/rsyslog.d/90-log-aggregation.conf file, but I can't seem to find documentation on how to do that, my original template is this: $template HostSID_SyslogProtocol23Format,<%%PRI%>1 %TIMESTAMP:::date-rfc3339% HostSID %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n\" what should I do to inject a couple of fields (structured data?) i.e. role=something and/or realm=dev ? So I could search in graylog web UI using realm:something Currently I can only do it using source:HostSID because it's positional default in the template, but what if I want to add more? Thanks cheers Angelo -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/3040bc1a-6dc7-4712-bf39-54852fc7c7d8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
