On Wed, 3 Oct 2018, John Chivian wrote:

Thank you David.  Your comment has led me to this...

  ruleset(name="fix_names") {
    action(
      type="mmexternal"
      name="normalize-names"
      binary="/etc/rsyslog.d/transforms/prefix_names.sh"
      interface.input="rawmsg"
      output="/logspool/prefix_results.txt"
    )
    action(
      type="omfile"
      name="mmexternal-debug"
      template="rawmsg"
      File="/logspool/mext.out"
    )
  }

I know the external script is functioning because the prefix_results.txt file (from the first action) shows the correct results, but when I then immediately write out the rawmsg (in the second action) I get the original, unmodified value.

Can you provide an example of a log message that's sent to your script and the output that you get from your script?

David Lang

I must be missing something fundamental, and will revisit the documentation, but I'd be grateful for any words of wisdom or guidance.

Thanks, John

On 10/2/18 3:11 PM, David Lang wrote:
On Tue, 2 Oct 2018, John Chivian wrote:

Hello Group:

   I am trying to determine the best way to transform the field names of a simple JSON object that is rawmsg.  The objects are fluid having both numeric and string content, but are always in the form...

        { "aStr": "aString","bStr": "bString","cNum": 0,"dStr": "cString" }

   I need to add a prefix "ny_" to the field names such that the result would be...

        { "ny_aStr": "aString","ny_bStr": "bString","ny_cNum": 0,"ny_dStr": "cString" }

   I have a sed script with extractions that can do this transformation...

's/\([^"]\+\)"\([^"]\+\)":/\1"ny_\2":/g'

   ...but I don't know if it's possible to integrate that into a template with the property replacer, or if there's a better cleaner way to do it.

   Any and all recommendations are greatly appreciated.

I think you would have to resort to code outside of rsyslog (either a custom mm module or mmexternal to call a script of your devising) to change the field contents like that for an arbitrary and changing list of fields.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
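
One way to write the external script discussed in this thread with a JSON parser instead of the sed expression, as an added example that is not code from the thread or from rsyslog. It assumes the mmexternal convention of one message per line on stdin and one JSON reply line on stdout naming the properties to change (`{}` for no change), and that `rawmsg` is accepted as a reply key; `prefix_keys` and `reply_for` are hypothetical names.

```python
#!/usr/bin/env python3
"""Added example: mmexternal-style filter that prefixes top-level JSON keys."""
import json
import sys

PREFIX = "ny_"  # prefix requested in the thread


def prefix_keys(raw, prefix=PREFIX):
    """Return raw re-serialized with every top-level key prefixed.

    Returns None when raw is not a JSON object, so the caller can pass
    the message through unchanged. Nested objects are left as they are.
    """
    try:
        obj = json.loads(raw)
    except ValueError:
        return None
    if not isinstance(obj, dict):
        return None
    # Only keys are touched; string values that happen to contain
    # text like "name": are preserved, unlike with a regex rewrite.
    return json.dumps({prefix + key: value for key, value in obj.items()})


def reply_for(line, prop="rawmsg"):
    """Build the single-line JSON reply for one input line.

    Assumption: rsyslog applies the property named by `prop` from the
    reply and treats an empty object as "no modification".
    """
    new_raw = prefix_keys(line.rstrip("\n"))
    if new_raw is None:
        return "{}"
    return json.dumps({prop: new_raw})


def main():
    # readline + flush keeps the exchange strictly one reply per message,
    # which a line-oriented parent process depends on.
    for line in iter(sys.stdin.readline, ""):
        sys.stdout.write(reply_for(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```

If the script prints only the transformed text rather than a JSON reply, the debug output file can look correct while the message properties stay unchanged, so compare the script's stdout against the reply format documented for the rsyslog version in use.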

