On Thu, 9 Feb 2017, mostolog--- via rsyslog wrote:
Hi
While working with liblognorm we have found the /need/ of *using rule tags*.
However setting */rule=aa:%.:@syslog% Foo%message:rest%/* doesn't seem to add
a /tags/ field to the message:
<12>2017-02-09T13:32:34.884+01:00 computer tag:
FooWhateverFollowsREDACTED
although it seems to parse it properly:
{ "message": "WhateverFollowsREDACTED", "syslogtag": "tag",
"hostname": "computer", "date": "2017-02-09T13:32:34.884+01:00",
"priority": "12"
Where is the metadata/tags field which is supposed to contain rule tags?
$.tags? $.metadata? Is that documented somewhere?
I believe that it creates $!event.tags
if you are running lognormalize, you need to add a flag (-T IIRC) to get the
tags shown in the output. I don't remember off the top of my head if this needs
to be enabled via a config option for mmnormalize.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
