taotetek · February 20, 2016 13:25
diff --git a/rsyslog_to_es_template.conf b/rsyslog_to_es_template.conf
 template(name="cee_syslog" type="list") {
  constant(value="{\"@timestamp\":\"")
  property(name="timereported" dateFormat="rfc3339")
  constant(value="\",\"syslog_host\":\"")
  property(name="hostname")
  constant(value="\",\"syslog_program\":\"")
  property(name="programname")
  constant(value="\",\"syslog_severity\":\"")
  property(name="syslogseverity-text")
  constant(value="\",\"syslog_facility\":\"")
  property(name="syslogfacility-text")
  constant(value="\",\"syslog_tag\":\"")
  property(name="syslogtag" format="json")
  constant(value="\",\"noidx_rawmsg\":\"")
  property(name="rawmsg" format="json")
  constant(value="\",")
  property(name="$!all-json" position.from="2")
 }
	template(name="cee_syslog" type="list") {
	constant(value="{\"@timestamp\":\"")
	property(name="timereported" dateFormat="rfc3339")
	constant(value="\",\"syslog_host\":\"")
	property(name="hostname")
	constant(value="\",\"syslog_program\":\"")
	property(name="programname")
	constant(value="\",\"syslog_severity\":\"")
	property(name="syslogseverity-text")
	constant(value="\",\"syslog_facility\":\"")
	property(name="syslogfacility-text")
	constant(value="\",\"syslog_tag\":\"")
	property(name="syslogtag" format="json")
	constant(value="\",\"noidx_rawmsg\":\"")
	property(name="rawmsg" format="json")
	constant(value="\",")
	property(name="$!all-json" position.from="2")
	}