Mickael Brangeon
Reputation: 79
fluentd and grok parser, add a key value
I use an input syslog and the parser with grok expressions in fluentd. It works well, but I would like to add a key in the fluentd parsed message. The key would be the whole message itself. example with raw key:
{
time: grokked time
host: grokked hostname
...
raw : the whole raw message,
}
how to do that ?
Upvotes: 0
Views: 434
Answers (2)
Mickael Brangeon
Reputation: 79
yep I got it working at the same time with
<filter syslog>
@type record_transformer
enable_ruby
<record>
raw ${record}
</record>
</filter>
Upvotes: 0
Max Lobur
Reputation: 6040
Add another filter:
<filter **>
@type record_transformer
enable_ruby
<record>
raw ${record["message"]}
</record>
</filter>
Upvotes: 1
Related Questions
- How do I get fluentd / elasticsearch to parse the "log" key_name as json from a kubernetes pod?
- fluentd not parsing JSON log file entry
- Parse logs in fluentd
- add custom fields in Elasticsearch indices while pushing logs from Fluentd
- Create Field using fluentd
- Parsing in FluentD with Regexp
- Using Grok parser in Fluentd
- Add raw fields in elasticsearch from fluentd
- stack elasticsearch + fluentd
- Parsing data with fluentd