If you're looking for a grok equivalent, have a look at mmnormalize: http://www.rsyslog.com/doc/master/configuration/modules/mmnormalize.html
It's not as flexible as grok is by using regular expressions, but it should be a lot faster. You would have to come up with your own patterns, though, and you can look at the documentation for liblognorm (the library on which mmnormalize is based) to get all the info about building patterns: http://rsyslog.github.io/liblognorm/doc/_build/html/

Best regards,
Radu
--
Performance Monitoring * Log Analytics * Search Analytics
Solr & Elasticsearch Support * http://sematext.com/

On Wed, Oct 8, 2014 at 2:06 PM, SjirBagmeijer <[email protected]> wrote:

> I have everything shipped now without issues! Thank you again for all the
> help provided so far.
>
> I have one final question is there a way also to get the json file to be
> split basically how you do in Logstash with grok so Kibana does show
> everything on different fields?
>
> Basically like I do here with logstash:
> https://trash.ulyaoth.net/trash/png/logstash/geoip/logstashgeoip.png
>
> So there is a "request" field, "status" field etc.
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
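An added example, not part of the original thread or of the rsyslog project's own configuration: a liblognorm rulebase and the rsyslog ruleset that applies it with mmnormalize, so that a combined-format web access log line is split into separate fields such as "request" and "status". The file paths, the ruleset name, the field names and the sample log line are assumptions; it also assumes a recent rsyslog in which imfile needs no state file parameter.

```conf
# ---- /etc/rsyslog.d/access.rulebase (hypothetical path) ----
# One rule for a combined-format access log line such as (constructed sample):
# 203.0.113.7 - - [08/Oct/2014:14:06:00 +0200] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.38.0"
rule=:%clientip:word% %ident:word% %auth:word% [%timestamp:char-to:]%] "%verb:word% %request:word% %httpversion:char-to:"%" %status:number% %bytes:number% "%referrer:char-to:"%" "%agent:char-to:"%"

# ---- /etc/rsyslog.d/access.conf (hypothetical path) ----
module(load="imfile")
module(load="mmnormalize")

# Read the access log and hand its lines to a dedicated ruleset only
input(type="imfile"
      File="/var/log/nginx/access.log"
      Tag="access:"
      ruleset="access_parse")

# One JSON object per line, holding every field the rule extracted
template(name="parsed-json" type="list") {
    property(name="$!all-json")
    constant(value="\n")
}

ruleset(name="access_parse") {
    # Parse the message with the rulebase; fields land under $!
    # ($!clientip, $!request, $!status, ...)
    action(type="mmnormalize" rulebase="/etc/rsyslog.d/access.rulebase")

    if $parsesuccess == "OK" then {
        # Replace omfile with the output already used for shipping
        action(type="omfile" file="/var/log/nginx/access.json"
               template="parsed-json")
    } else {
        # Lines the rule did not match are kept raw instead of being
        # shipped with missing fields, so malformed requests stay visible
        action(type="omfile" file="/var/log/nginx/access.unparsed.log")
    }
}
```

A line whose request contains a space, or whose byte count is logged as "-", does not match this rule and goes to the unparsed file; add further `rule=` lines for such variants rather than loosening the first one.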

