[rsyslog-notify] Forum Thread: How to indicate rsyslog filename in a template? - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Thu Sep 1 21:22:36 CEST 2016
User: ZillaG
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26923#p26923
Message:
----------
I'm shipping my application's log files via rsyslog to a remote Logstash
server - I have the infrastructure working now.
I'm using a list template to wrap my logs this way
[code:1zmrlesx]template(name="textLogTemplate" type="list") {
constant(value="{ ")
constant(value="\"type\":\"")
property(name="programname")
constant(value="\", ")
constant(value="\"host\":\"")
property(name="hostname")
constant(value="\", ")
constant(value="\"timestamp\":\"")
property(name="timestamp" dateFormat="rfc3339")
constant(value="\", ")
constant(value="\"@version\":\"1\", ")
constant(value="\"customer\":\"\", ")
constant(value="\"role\":\"cf_cim\", ")
constant(value="\"sourcefile\":\"")
property(name="$!metadata!filename")
constant(value="\", ")
constant(value="\"message\":\"")
property(name="rawmsg" format="json")
constant(value="\"}\n")
}
[/code:1zmrlesx]
However, when I get the logs on the Logstash server, the "sourcefile" entry
is blank. What do I need here so that i'm able to see that
sourcefile=/path_to_app_logs/myfile.log on the remote Logstash server?
[code:1zmrlesx]
constant(value="\"sourcefile\":\"")
property(name="$!metadata!filename")
constant(value="\", ")
[/code:1zmrlesx]
More information about the rsyslog-notify
mailing list