[GH#41971] include syslog inputs

modules/cluster-logging-collector-log-forward-syslog.adoc

@@ -49,19 +49,24 @@ spec:
       rfc: RFC5424
       severity: debug
      url: 'udp://rsyslogserver.west.example.com:514'
+  inputs: <8>
+  - name: my-app-logs
+    application:
+      namespaces:
+      - my-project 
   pipelines:
-   - name: syslog-east <8>
-     inputRefs: <9>
+   - name: syslog-east <9>
+     inputRefs: <10>
      - audit
      - application
-     outputRefs: <10>
+     outputRefs: <11>
      - rsyslog-east
-     - default <11>
-     parse: json <12>
+     - default <12>
+     parse: json <13>
      labels:
-       secure: "true" <13>
+       secure: "true" <14>
        syslog: "east"
-   - name: syslog-west <14>
+   - name: syslog-west <15>
      inputRefs:
      - infrastructure
      outputRefs:
@@ -77,13 +82,14 @@ spec:
 <5> Optional: Specify the syslog parameters, listed below.
 <6> Specify the URL and port of the external syslog instance. You can use the `udp` (insecure), `tcp` (insecure) or `tls` (secure TCP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP address.
 <7> If using a `tls` prefix, you must specify the name of the secret required by the endpoint for TLS communication. The secret must exist in the `openshift-logging` project, and must have keys of: *tls.crt*, *tls.key*, and *ca-bundle.crt* that point to the respective certificates that they represent.
-<8> Optional: Specify a name for the pipeline.
-<9> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
-<10> Specify the name of the output to use when forwarding logs with this pipeline.
-<11> Optional: Specify the `default` output to forward logs to the internal Elasticsearch instance.
-<12> Optional: Specify whether to forward structured JSON log entries as JSON objects in the `structured` field. The log entry must contain valid structured JSON; otherwise, OpenShift Logging removes the `structured` field and instead sends the log entry to the default index, `app-00000x`.
-<13> Optional: String. One or more labels to add to the logs. Quote values like "true" so they are recognized as string values, not as a boolean.
-<14> Optional: Configure multiple outputs to forward logs to other external log aggregators of any supported type:
+<8> Configuration for an input to filter application logs from the specified projects.
+<9> Optional: Specify a name for the pipeline.
+<10> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
+<11> Specify the name of the output to use when forwarding logs with this pipeline.
+<12> Optional: Specify the `default` output to forward logs to the internal Elasticsearch instance.
+<13> Optional: Specify whether to forward structured JSON log entries as JSON objects in the `structured` field. The log entry must contain valid structured JSON; otherwise, OpenShift Logging removes the `structured` field and instead sends the log entry to the default index, `app-00000x`.
+<14> Optional: String. One or more labels to add to the logs. Quote values like "true" so they are recognized as string values, not as a boolean.
+<15> Optional: Configure multiple outputs to forward logs to other external log aggregators of any supported type:
 ** A name to describe the pipeline.
 ** The `inputRefs` is the log type to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
 ** The `outputRefs` is the name of the output to use.
@@ -191,4 +197,4 @@ The following parameters apply to RFC5424:
 
 * appName: The APP-NAME is a free-text string that identifies the application that sent the log. Must be specified for `RFC5424`.
 * msgID: The MSGID is a free-text string that identifies the type of message. Must be specified for `RFC5424`.
-* procID: The PROCID is a free-text string. A change in the value indicates a discontinuity in syslog reporting. Must be specified for `RFC5424`.
+* procID: The PROCID is a free-text string. A change in the value indicates a discontinuity in syslog reporting. Must be specified for `RFC5424`.