Iterating over all structured data in rsyslog templates

Tom

3/23/23, 1:36 PM

I've got a bunch of services that log to a remote rsyslog instance using RFC5424 structured data format. I then need to convert that into JSON to feed to logstash which then feeds it into elasticsearch.

Is there a way in an rsyslog template to just say "Convert all the RFC5424 fields to JSON"? Or is there a way to iterate over all the structured data fields? Or even all the fields in the record, either header or structured?

Each service logs a different set of fields, so as things stand either I have to write a template that lists out every single field logged anywhere or write separate templates for each service. Neither is very satisfactory.

0 + 0

rsyslog

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Iterating over all structured data in rsyslog templates

TH: วนซ้ำข้อมูลที่มีโครงสร้างทั้งหมดในเทมเพลต rsyslog

RO: Iterarea peste toate datele structurate în șabloanele rsyslog

RU: Перебор всех структурированных данных в шаблонах rsyslog

VI: Lặp lại tất cả dữ liệu có cấu trúc trong các mẫu rsyslog

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.