Hi Filip, The reason for this is that the Text serializer will only serialized the body of the event, and the syslog sources write the body of the syslog event into the body of the flume event. The hostname/timestamp/severity etc are added into the Flume Event headers. You could simply write a serializer which writes out this information in the same format as you expect and you will be able to see the headers in the files. You could use the Avro serializer to serialize it into avro too, which will make sure the headers are also written out.
Hope this helps. Hari -- Hari Shreedharan On Tuesday, October 16, 2012 at 2:27 PM, Filip Slunecko wrote: > Hi, > > I am trying to use syslog source and sink it to hdfs or fileroller. > Everything is working, but "saved" logs are without timestamp and > hostname information. > Is it possible to force flume-ng to dump those information from syslog > header togather with body lines? > > I am using flume-ng-agent-1.2.0+24.4-1.noarch from Cloudera repository. > > Thanks, > > Filip
