adding field types. #5

@spacecabbie

Hey @pschiffe
I love your approach:

template(name="elasticsearch-json" type="list") {
    constant(value="{")
    property(name="timestamp"  dateFormat="rfc3339" format="jsonf")
    constant(value=",")
    property(name="$!all-json" position.from="2")
}

# add interesting properties from rsyslog to $!all-json
set $!host     = $hostname;
set $!facility = $syslogfacility-text;
set $!severity = $syslogseverity-text;
set $!tag      = $syslogtag;
set $!message  = $msg;

It's brilliant, for it allows a novice like me to easily change and edit the template.
Now I have been working on it for a couple of weeks, but I really want to add field types. Is this at all possible in the way of defining the variables like you did in the conf?

Here's my template. I am looking for the syntax, if it exists,
something like this:

set $!source_ip = $fromhost-ip; type = ip;

# this is for index names to be like: rsyslog-YYYY.MM.DD
template(name="rsyslog-index" type="string" string="rsyslog-%$DAY%.%$MONTH%.%$YEAR%")

#  this is for formatting our syslog in JSON with @timestamp
# format the syslog messages as JSON for elasticsearch
template(name="json-syslog" type="list") {
    constant(value="{")
    property(name="timestamp"  dateFormat="rfc3339" format="jsonf")
    constant(value=",")
    property(name="$!all-json" position.from="2")
}

# add interesting properties from rsyslog to $!all-json
set $!hostc = $hostname;
set $!source_host = $fromhost;
set $!source_ip = $fromhost-ip;
set $!program = $programname;
set $!facilitynr = $syslogfacility;
set $!serveritynr = $syslogseverity;
set $!priority = $syslogpriority;
set $!rsys_module = $inputname;
set $!host = $fromhost;
set $!facility = $syslogfacility-text;
set $!severity = $syslogseverity-text;
set $!tag = $syslogtag;
set $!msg = $msg;
set $!org_msg = $rawmsg;

Thanks!
