syslog - Include "<time>" in record


curtis bradley

Jan 4, 2022, 10:28:21 PM
to Fluentd Google Group
I've been banging on this for days. I'm new to the EFK stack and I'm stuck! I need to have the "<time>" element appear in the JSON record for Elasticsearch.

Thanks!

= fluent.conf
<source>
  @type syslog
  port 5140
  tag system
  <parse>
    @type regexp
    expression /^(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[^ :\[]*) *(?<message>.*)$/
    time_key time
    time_format %b %d %H:%M:%S
  </parse>
</source>

<match system.**>
  @type copy
#  <store>
#   @type elasticsearch
#   suppress_type_name true
#   flush_interval 1s
#    host aps-elasticsearch
#    port 9200
#    index_name aps_sys
#  </store>
  <store>
    @type stdout
  </store>
</match>

= tail -f /var/log/messages
Jan  5 03:23:14 ccvm google-chrome.desktop: [14413:14444:0105/032314.240763:ERROR:connection_factory_impl.cc(425)] Failed to connect to MCS endpoint with error -101

= FluentD console
2022-01-05 03:23:14.000000000 +0000 system.user.info: {"host":"ccvm","ident":"google-chrome.desktop","message":": [14413:14444:0105/032314.240763:ERROR:connection_factory_impl.cc(425)] Failed to connect to MCS endpoint with error -101"}
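As an added illustration (not part of the original post), here is a Ruby sketch of what Fluentd's regexp parser does with the posted `expression`, `time_key` and `time_format`: the captured `time` field is promoted to the event timestamp and, unless the parser's `keep_time_key` option is enabled, removed from the record, which is exactly what the console output above shows. The `parse_syslog` function, the sample line and the fixed year are constructed here for the example.

```ruby
require 'time'

# The regexp and time format exactly as posted in fluent.conf.
SYSLOG_RE = /^(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[^ :\[]*) *(?<message>.*)$/
TIME_FORMAT = '%b %d %H:%M:%S'

# Constructed sample, same shape as the /var/log/messages line in the post.
SAMPLE_LINE = 'Jan  5 03:23:14 ccvm google-chrome.desktop: [14413:14444] Failed to connect'

# Mimics the parser step: returns [event_time, record].
# With keep_time_key false (Fluentd's default) the "time" capture becomes the
# event timestamp and is deleted from the record, so it never reaches the
# output plugin. Syslog lines carry no year, so the caller supplies one here
# to keep the example deterministic (Fluentd uses the current clock).
def parse_syslog(line, keep_time_key: false, year: 2022)
  m = SYSLOG_RE.match(line)
  return [nil, nil] if m.nil?

  record = m.named_captures
  time_str = record['time']
  # Parse with an explicit +0000 offset so the result does not depend on the
  # local timezone of the machine running the example.
  event_time = Time.strptime("#{year} #{time_str} +0000", "%Y #{TIME_FORMAT} %z").utc
  record.delete('time') unless keep_time_key
  [event_time, record]
end

# Renders the event the way the stdout output plugin prints it.
def format_event(event_time, tag, record)
  "#{event_time.strftime('%Y-%m-%d %H:%M:%S.%N %z')} #{tag}: #{record}"
end

if __FILE__ == $PROGRAM_NAME
  t, r = parse_syslog(SAMPLE_LINE)
  puts format_event(t, 'system.user.info', r)           # time gone from record
  t, r = parse_syslog(SAMPLE_LINE, keep_time_key: true)
  puts format_event(t, 'system.user.info', r)           # time retained
end
```

Note that the leading `: ` in `message` comes from `ident` excluding the colon while ` *` only consumes spaces, matching the console output in the post.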