On Thu, 7 Apr 2016, Matt Ford wrote:
Thanks for the help thus far I'm able to parse arbitrary json logs and
get them into kafka very nicely.
However, due to the many different systems in use there is key
namespace clashes in the final destination (Elasticsearch)
I have some JSON logs like this from one app
{ "login": 234343,... }
and some JSON logs like this from another app
{ "login": "matt",... }
Is it possible to parse and change the key space to look like this
{ "app1_login": 234343, "app1_XX:": ....}
{ "app2_login": "matt", "app2_XX:":...}
Anythoughts on that or an alternative approach greatly appreciated :-)
if (test for app1) then {
set $!app1_login = $!login;
unset $!login;
}
with mmnormalize, you can specify a namespace to put the resulting variables
into, so instead of
{ "login": 234343,... }
you would do
{ "app1": { "login": 234343,... }}
In rsyslog, this would be referrred to as $!app1!login
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
