[rsyslog-notify] Forum Thread: Re: TSV data into mongodb - (Mode 'edit_last_post')

[noreply at adiscon.com]

User: toddaa 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25589#p25589

Message: 
----------
dlang,

This is absolutely great.  Thanks again for helping me with this. 

I was wondering if you could jump back with me to the mongodb template.  I
currently have the following:

[code:1xsy2sm9]template(name="mongoFormat" type="string"
string="\"sys\":\"%hostname%\",
\"time\":\"%timereported:::date-rfc3339%\",
\"timercvd\":\"%timegenerated:::date-rfc3339%\",
\"hostip\":\"%fromhost-ip%\", \"syslogtag\":\"%syslogtag%\",
\"xseverity\":\"%$!r1%\"")[/code:1xsy2sm9]

Per the mongodb output documentation (<!-- m --><a class="postlink"
href="http://www.rsyslog.com/doc/v7-stable/configuration/modules/ommongodb.html">http://www.rsyslog.com/doc/v7-stable/co
... ngodb.html</a><!-- m -->) I believe the field names I am using should
be inserted into the collection, but they are not.  I end up with the
variable name as the field name.  The values are correct, and I have added
all 25 fields being generated from mmnormalize as well.  I removed them to
make diag easier.  Even the first entry in the string does this which isnt
part of what goes through mmnormalize.  

If I write to a file with the same template it seems correct:

[code:1xsy2sm9]"sys" : "remotesvr", "time" :
"2015-05-13T09:56:30-04:00", "timercvd" :
"2015-05-13T09:56:31.278015-04:00", "hostip" :
"10.0.0.3", "syslogtag" : "remote", "xseverity" : "
INFO"[/code:1xsy2sm9]

Any ideas?