-
Notifications
You must be signed in to change notification settings - Fork 637
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot access json fields #1116
Comments
On Sat, 13 Aug 2016, Micah Martin wrote:
I suspect that the problem is the leading '_', but Rainer will have to confirm David Lang |
I've tried all the fields, even the ones without the '_', and none of them work. |
On Sat, 13 Aug 2016, Micah Martin wrote:
I've tried all the fields, even the ones without the '_', and none of them work.
if you write with the format RSYSLOG_DebugFormat what do you get?
David Lang
|
Can you elaborate? I'm new to rsyslog.
|
use the template RSYSLOG_DebugFormat On Sat, 13 Aug 2016, Micah Martin wrote:
|
Here's the output:
|
can you pls do a
and post the result. Note: you may need to add the path to rsyslogd to the command if it is not in your search path (it sometimes is not). |
Why / are escaped? |
having the exact same issue using imjournal and trying to access the CEE fields:
output: if I don't try specifying a path to a particular field, all the fields are output as json:
output: |
@james-lawrence I guess the second output part is wrong... |
? in what sense the message looks fine to me. (if you're referring to the {...} that is for brevity, the actual fields are all there, same for the ) |
@james-lawrence well, the elipsis has actually the information that is interesting ;-) |
ha, I'll get them actual information then. Its pretty much the standard journald data as posted in the original message. Didn't think I'd need to repeat it. =) |
I thought something was missing in the original message? :-S |
no we just can't access the fields as my two templates demonstrate. using the original message example data set: the first template I try to access the PRIORITY field. i.e. in the second template I do not try to get any fields i.e.) according to the documentation I should be able to access nested values with the path seperated by |
Which version? I think I remember there were some with variable case Sent from phone, thus brief. Am 27.10.2016 18:38 schrieb "James" notifications@github.com:
|
about 10 versions ago. so relatively old I suppose. I can try a more recent version this weekend maybe? will need to see if there is a update package in some rpm repository.
|
On Thu, 27 Oct 2016, James wrote:
? in what sense the it looks fine to me. (if you're referring to the {...} that is for brevity, the actual fields are all there)
This looks like $!PRIORITY isn't really there, what sets this variable?
David Lang
|
@davidelang, its the first property in $!. I'm just going to see if its fixed in the a newer version if I can find a prebuilt package. |
Go to rsyslog.com to find packages. Sent from phone, thus brief. Am 28.10.2016 02:14 schrieb "James" notifications@github.com:
|
I think @rgerhards refers to #962 |
@micahlmartin @james-lawrence Do you still have this issue with 8.22? |
I'll test this weekend. |
update: still broken as far as I can tell. tested on arch linux.
output in log, expected
|
I'm wondering why all properties under $! are uppercased... |
maybe next weekend, jsonmesg iirc gave the exact same output as $!. |
this may be a case squashing problem. I think that rsyslog squashes the case for anything in the config file, and also squashes the case for property names that are parsed via some methods, but not all. changing things to be case sensitive will break existing configs I still think it would be useful to have a config option to allow property names to be case sensitive (default off) the other option is #1282 which would let you lowercase the property names after they have been parsed. |
Any progress on this issue? It took me a while to figure out this behavior/bug. The workaround I got is to lowercase my message at source, since extracting properties is important for my use case. |
I tried to get it to work with the following config, which didn't work.
Then I tried to upgrade to v8.24, where the issue still exists.
Could you give any feedback whether it's fixed in v8.30? I saw that you did some refactorings. |
you may need to enable case sensitive fieldnames, but please print out a sample
log message that this should work with, ideally via the RSYSLOG_DebugFormat
template, so that we can see what's what.
k
|
I applied FYI I'm trying to setup docker log forwarding by using the |
If everything is in upper case when output ith RSYSLOG_DebugFormat, that is the
cause of your problem. By default, rsyslog lowercases the json field names to
make them case-insensitive in the config. If you need uppper case to match the
JSON you are receiving, you need to explicitly enable that.
|
@davidelang thanks, that helped.
# /etc/docker/daemon.json
{ "log-driver": "journald", "log-opts": {"tag": "{{.Name}}/{{.ID}}"}} And that's the final working config
Here's the whole config I'm using: https://gist.github.com/marcbachmann/00aca56839d9ba886fce1faf10faa355 |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Here's the config I have:
The output of
/var/log/foo
is blank. However if I specifyproperty(name="$!")
I get this:I've tried every combination of accessing variables off of
$!
with no luck. Any idea what I'm doing wrong?The text was updated successfully, but these errors were encountered: