Hi, I would recommend upgrading your rsyslog version to the latest. http://www.rsyslog.com/doc/v8-stable/configuration/modules/mmpstrucdata.html
On Friday, August 28, 2015 at 3:11:52 PM UTC-5, Angelo Pantano wrote:
> Hey guys, I am trying to inject some structured data before forwarding my logs with rsyslog (version is 5.8 but I think I can upgrade if this is not possible with this version) to Graylog.
>
> I am trying to play with the template in /etc/rsyslog.d/90-log-aggregation.conf file, but I can't seem to find documentation on how to do that, my original template is this:
>
> $template HostSID_SyslogProtocol23Format,"<%PRI%>1 %TIMESTAMP:::date-rfc3339% HostSID %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
>
> what should I do to inject a couple of fields (structured data?) i.e. role=something and/or realm=dev ? So I could search in graylog web UI using realm:something
>
> Currently I can only do it using source:HostSID because it's positional default in the template, but what if I want to add more?
>
> Thanks
> cheers
> Angelo
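Added example, not part of the original posts: one way to carry role and realm in the forwarded message is to put a static RFC 5424 SD-ELEMENT in the template where %STRUCTURED-DATA% was. The template name HostSID_WithMeta, the SD-ID meta@32473, the values web and dev, and the Graylog host and port are assumptions, as is a receiving input that parses RFC 5424 structured data into fields.

```conf
# Added example for /etc/rsyslog.d/90-log-aggregation.conf (legacy $template syntax).
# %STRUCTURED-DATA% is replaced by one static RFC 5424 SD-ELEMENT. Appending the
# element after %STRUCTURED-DATA% instead would emit "-[...]" whenever the
# original message carries no structured data, which is not valid RFC 5424.
# Assumptions: SD-ID "meta@32473" (32473 is the enterprise number reserved for
# documentation) and the values role="web", realm="dev".
# Quotes inside a legacy template string are escaped as \".
$template HostSID_WithMeta,"<%PRI%>1 %TIMESTAMP:::date-rfc3339% HostSID %APP-NAME% %PROCID% %MSGID% [meta@32473 role=\"web\" realm=\"dev\"] %msg%\n"

# Forward everything using that template. Host and port are placeholders.
# A single @ sends over UDP, @@ over TCP.
*.* @graylog.example.org:514;HostSID_WithMeta
```

Because the values are fixed strings in the template, they describe the sending host only and cannot be influenced by message content.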
