Hello, I am collecting syslog messages in RFC5424 format sent via rsyslog. I haven't been able so far to find a way to set the severity level directly from rsyslog, so I'd like to see if it's possible/easier in Graylog. The lines in the file are like this:

2016-03-10 07:01:09,778 INFO [taskname] long description 1
2016-03-10 07:01:09,784 DEBUG [taskname] long description 2

Basically I'd like to extract the following:

- Time can be removed (already got it from syslog)
- Level should be converted from log4j levels (DEBUG, INFO, NOTICE, WARNING, ERROR, CRITICAL, ALERT, EMERG) into syslog names or levels (0-7)
- Appname extracted from []

Is that possible to do? I found out the following:

- In the level extraction I can simply extract the level from the original logs, but it won't be in numeric format. How could I convert from one to the other? None of the default converters seem to be appropriate for this.
- In the message field the information I extracted is still shown (even if the filter is set to cut). I don't know if it's expected or a bug in the alpha5 version I'm using. I'd expect not to have the file timestamp in the message, but it's there.
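The conversion asked about above, worked through in Python as an added example (it is not part of the original post and is not Graylog or rsyslog configuration). The severity numbers are the RFC 5424 values; the output field names, the NOTICE fallback for unknown level names and the third sample line are assumptions made for the example.

```python
import re

# Syslog severity numbers from RFC 5424, keyed by the level names listed in the post.
SEVERITY = {
    "EMERG": 0, "ALERT": 1, "CRITICAL": 2, "ERROR": 3,
    "WARNING": 4, "NOTICE": 5, "INFO": 6, "DEBUG": 7,
}

# "<date> <time>,<ms> LEVEL [appname] message", the layout of the sample lines.
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\s+"
    r"(?P<level>[A-Za-z]+)\s+"
    r"\[(?P<app>[^\]]*)\]\s*"
    r"(?P<msg>.*)$",
    re.DOTALL,
)

DEFAULT_SEVERITY = 5  # assumption: unknown level names fall back to NOTICE


def parse_line(line):
    """Split one file line into numeric level, application name and message.

    The file timestamp is dropped. A line that does not match the layout
    (for example a stack-trace continuation) is returned unchanged with
    level and application_name set to None, so nothing is silently lost.
    """
    text = line.rstrip("\r\n")
    m = LINE_RE.match(text)
    if m is None:
        return {"level": None, "application_name": None, "message": text}
    return {
        "level": SEVERITY.get(m.group("level").upper(), DEFAULT_SEVERITY),
        "application_name": m.group("app"),
        "message": m.group("msg"),
    }


# Constructed sample input: the two lines from the post plus a made-up continuation line.
SAMPLE = [
    "2016-03-10 07:01:09,778 INFO [taskname] long description 1",
    "2016-03-10 07:01:09,784 DEBUG [taskname] long description 2",
    "    at com.example.Task.run(Task.java:42)",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(parse_line(raw))
```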
