parse_log
Parses common log formats into structured data.
Common:

processors:
  - label: ""
    parse_log:
      format: "" # No default (required)

Advanced:

processors:
  - label: ""
    parse_log:
      format: "" # No default (required)
      best_effort: true
      allow_rfc3339: true
      default_year: current
      default_timezone: UTC
Fields
allow_rfc3339
Also accept timestamps in rfc3339 format while parsing. Applicable to format syslog_rfc3164.
Type: bool
Default: true
best_effort
Still returns partially parsed messages even if an error occurs.
Type: bool
Default: true
default_timezone
Sets the strategy to decide the timezone for rfc3164 timestamps. Applicable to format syslog_rfc3164. This value should follow the time.LoadLocation format.
Type: string
Default: UTC
Formats
syslog_rfc5424
Attempts to parse a log following the Syslog RFC5424 spec. The resulting structured document may contain any of the following fields:
- message (string)
- timestamp (string, RFC3339)
- facility (int)
- severity (int)
- priority (int)
- version (int)
- hostname (string)
- procid (string)
- appname (string)
- msgid (string)
- structureddata (object)
syslog_rfc3164
Attempts to parse a log following the Syslog rfc3164 spec. The resulting structured document may contain any of the following fields:
- message (string)
- timestamp (string, RFC3339)
- facility (int)
- severity (int)
- priority (int)
- hostname (string)
- procid (string)
- appname (string)
- msgid (string)
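
How the priority, facility, severity and timestamp fields relate for syslog_rfc3164, as an added example that is not the processor's own code: PRI decodes as facility = PRI / 8 and severity = PRI % 8, and because RFC3164 timestamps carry no year or zone, the same line yields a different RFC3339 instant depending on the defaults applied. The function name and its year and tz parameters are hypothetical stand-ins for default_year and default_timezone.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
	_ "time/tzdata" // embed zone data so LoadLocation works without a system tz database
)

type Header struct { // fields derived from <PRI> and the timestamp
	Priority, Facility, Severity int
	Timestamp, Rest              string // Timestamp is RFC3339
}

// ParseRFC3164Header decodes "<PRI>Mmm dd hh:mm:ss rest". year and tz are
// hypothetical parameters standing in for default_year and default_timezone.
func ParseRFC3164Header(line string, year int, tz string) (Header, error) {
	var h Header
	end := strings.IndexByte(line, '>')
	if !strings.HasPrefix(line, "<") || end < 2 || end > 4 {
		return h, fmt.Errorf("missing or malformed <PRI>")
	}
	pri, err := strconv.Atoi(line[1:end])
	if err != nil || pri < 0 || pri > 191 {
		return h, fmt.Errorf("invalid priority %q", line[1:end])
	}
	h.Priority, h.Facility, h.Severity = pri, pri/8, pri%8
	body := line[end+1:]
	if len(body) < 15 {
		return h, fmt.Errorf("timestamp too short")
	}
	loc, err := time.LoadLocation(tz) // same name format as default_timezone
	if err != nil {
		return h, err
	}
	t, err := time.ParseInLocation(time.Stamp, body[:15], loc) // parsed year is 0
	if err != nil {
		return h, err
	}
	t = time.Date(year, t.Month(), t.Day(), t.Hour(), t.Minute(), t.Second(), 0, loc)
	h.Timestamp, h.Rest = t.Format(time.RFC3339), strings.TrimSpace(body[15:])
	return h, nil
}

func main() {
	h, err := ParseRFC3164Header("<34>Oct 11 22:14:15 host1 su: auth failure", 2024, "UTC") // constructed line
	fmt.Println(h, err)
}
```

When sources log in local time, a default_timezone that does not match the sender shifts every event by the zone offset, which skews ordering when correlating across hosts.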