Hi Rainer, Your suggested configuration looks a bit better, but it still requires one to put commas - so it's still on the ugly side. But better. The "vision" looks much better still, because it's easy to add/remove properties without breaking the syntax.
Regarding priorities, I really don't know how many people would benefit from this (and therefore increase adoption). I would assume those sending to Elasticsearch will, but I'm not sure how big the "share" is. Maybe you can look at some stats from rsyslog.com and see which pages have the most visits - hopefully that would be a good indicator of which things from the feature list would be more useful. Though I have to add that users don't necessarily know what's good for the project :). But still, some info is better than none. Best regards, Radu -- Performance Monitoring * Log Analytics * Search Analytics Solr & Elasticsearch Support * http://sematext.com/ On Fri, Oct 10, 2014 at 2:25 PM, Rainer Gerhards <[email protected]> wrote: > Hi all, > > from a recent conversation on this list, we got this template sample: > > template(name="uly-nginx" type="list") { > constant(value="{") > constant(value="\"@timestamp\":\"") property(name="timereported" > dateFormat="rfc3339") > constant(value="\",\"host\":\"") property(name="hostname") > constant(value="\",\"severity\":\"") > property(name="syslogseverity-text") > constant(value="\",\"facility\":\"") > property(name="syslogfacility-text") > constant(value="\",\"tag\":\"") property(name="syslogtag" > format="json") > constant(value="\",\"message\":\"") property(name="msg" > format="json") > constant(value="\"}") > } > > I thought all those backslashes look a bit ugly. So I changed the format a > little bit: > > template(name="testTemplate3" type="list") { > constant(value="{") > property(outname="@timestamp" name="timereported" format="jsonf" > dateFormat="rfc3339") constant(value=", ") > property(outname="host" name="hostname" format="jsonf") constant(value=", > ") > property(outname="severity" name="syslogseverity-text" format="jsonf") > constant(value=", ") > property(outname="facility" name="syslogfacility-text" format="jsonf") > constant(value=", ") > property(outname="tag" name="syslogtag" format="jsonf") constant(value=", > ") > property(outname="message" name="msg" format="jsonf") > constant(value="\"}") > } > > Does this second sample look better or worse? > > I am asking because I think of ways to simplify use of JSON in rsyslog. In > v8-devel, I could envision something along these lines: > > template(name="testTemplate3" type="list" format="jsonf") { > property(outname="@timestamp" name="timereported" dateFormat="rfc3339") > property(outname="host" name="hostname") > property(outname="severity" name="syslogseverity-text") > property(outname="facility" name="syslogfacility-text") > property(outname="tag" name="syslogtag") > property(outname="message" name="msg") > } > > Would that be better? If so, do you think that would be worth the effort > implementing it (given the long list of other feature requests)? > > Feedback is appreciated. > > Rainer > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
