Merge Looks like String concat, which I think we support (but I may be
wrong).
Sent from phone, thus brief.
Am 23.11.2016 19:51 schrieb "David Lang" <da...@lang.hm>:
> On Wed, 23 Nov 2016, mosto...@gmail.com wrote:
>
> you can combine variables to form a string that looks like a date in the
>>> output, but you can't take arbitrary date parts in a log message and parse
>>> them into a real timestamp field that would let you output it in different
>>> formats.
>>>
>> back on my pipeline proposal, wouldn't this solve the issue?
>> pipeline {
>> input()
>> processor() //extract %year%,%month%,%day%
>> processor() //merge "%year%:%month%:%day%" as date type
>> property/field
>> output()
>> }
>>
>
> you don't need to invent pipelines and change how rsyslog processes
> things, you need need to add the merge function.
>
> The problem is the fact that there are so many ways timestamp data can be
> scattered in a log message. take a look at the output of date --help and
> look at all the formatting options. I guarantee that some log somewhere
> will use every one of them.
>
> David Lang
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
