Skip to content
Permalink
Browse files

Update rsyslog example configuration

The properties `programname` and `procid` have been added to the JSON output under the keys `name` and `pid`, respectively.

Also, the formatting has been simplified slightly to have fewer `constant` expressions.
  • Loading branch information...
markuswustenberg committed Mar 1, 2019
1 parent 20cfab8 commit db867213ad992d244cbeac8a294618459b1da21d
Showing with 15 additions and 24 deletions.
  1. +15 −24 content/integrations/data-shippers/rsyslog.md
@@ -24,37 +24,28 @@ Create a file named `/etc/rsyslog.d/33-humio.conf` with the following contents

```groovy
module(load="omelasticsearch")
template(name="humiotemplate"
type="list"
option.json="on") {
constant(value="{")
constant(value="\"@timestamp\":\"")
property(name="timereported" dateFormat="rfc3339")
constant(value="\",")
constant(value="\"message\":\"")
property(name="msg")
constant(value="\",")
constant(value="\"host\":\"")
property(name="hostname")
constant(value="\",")
constant(value="\"severity\":\"")
property(name="syslogseverity-text")
constant(value="\",")
constant(value="\"facility\":\"")
property(name="syslogfacility-text")
constant(value="\",")
constant(value="\"syslogtag\":\"")
property(name="syslogtag")
constant(value="\"")
constant(value="}")
}
template(name="humiotemplate" type="list" option.json="on") {
constant(value="{")
constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
constant(value="\",\"message\":\"") property(name="msg")
constant(value="\",\"host\":\"") property(name="hostname")
constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
constant(value="\",\"syslogtag\":\"") property(name="syslogtag")
constant(value="\",\"name\":\"") property(name="programname")
constant(value="\",\"pid\":\"") property(name="procid")
constant(value="\"}")
}
*.* action(type="omelasticsearch"
server="$HOST"
template="humiotemplate"
uid="$INGEST_TOKEN"
pwd="none"
bulkmode="on"
usehttps="on")
```

Remember to replace `$HOST` with your Humio host, i.e. `cloud.humio.com`

0 comments on commit db86721

Please sign in to comment.
You can’t perform that action at this time.