What version of rsyslog are you using? V7 has added a lot of capabilities to
deal with structured logs (JSON in particular). This includes adding, removing,
making decisions based on properties in the JSON message (including multiple
levels of nesting)
David Lang
On Thu, 14 Mar 2013,
Gregory Patmore wrote:
Date: Thu, 14 Mar 2013 15:47:00 -0400
From: Gregory Patmore <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: rsyslog-users <[email protected]>
Subject: [rsyslog] Hello,
and pointers on parsing json message object into top level properties?
Hello Everyone,
If this is an inappropriate forum for this question I apologize,
Im forwarding json formatted messages on to a cloud service, however, it
doesn't seem to be able to handle indexing nested json objects well, so I
was wondering if anyone has any pointers or could point me in the right
direction to be able to break down the nested objects and attach them to a
top level object formatted by a rsyslog template.
Here's the details I'm working with:
1. msg property is currently getting passed to rsyslog as a pre-formatted
json object, although I can change this if it makes it easier to handle.
2. the number of properties in the json object is variable and I'd like to
find a solution that can adapt to evolving properties rather then hardcode
a filter for each possible property.
3. they are coming from a number of applications and getting forwarded to
my central logging server (not sure if this is relevant, just included it
in case there was a better place to tackle this then another).
4. Again, if it makes it easier/possible, I can assume there will be no
property name collisions between the nested object's properties and known
rsyslog property names.
5. I can pretty much change anything to get this formatted if this approach
is fundamentally flawed.
I could really use some advice on approach to solve. Thanks to anyone who
reads/helps.
G
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
