10-mdsd.conf

# This configuration enables rsyslog to send logs to mdsd output module: omazuremds.
# Configuration parameters:
#  - mdsdsocketfile: mdsd socket file full path.
#  - filter: The filter is for all facility and all severity. Change this accordingly.
#    Example, to only log kernel messages, replace *.* with kern.* .
#  - log_level <0|1> disable/enable logging (also you need to run rsyslog with -d to see logs)
$ModLoad omazuremds
$template fmt,"\"%syslogfacility-text:::json%\",\"%syslogseverity%\",\"%timereported:::date-rfc3339%\",\"%fromhost-ip%\",\"%msg:::json%\",\"%syslogtag:R,ERE,1,BLANK:\[([0-9]{1,5})\]--end%\",\"%syslogseverity-text:::json%\",\"%fromhost%\",\"%programname%\""
*.* action( type="omazuremds" 
    template="fmt"
    mdsdsocketfile="/var/run/mdsd/default_json.socket"
    mdsdUseMsgPackProtocol="0"
    log_level="0"
    queue.workerthreads="1"
    queue.dequeuebatchsize="64"
    queue.type="fixedarray"
    queue.spoolDirectory="/var/opt/microsoft/linuxmonagent"
    queue.filename="mdsdqueue"
    queue.highwatermark="400"
    queue.lowwatermark="100"
    queue.discardseverity="8"
    queue.maxdiskspace="5g"
    queue.size="500"
    queue.saveonshutdown="on"
    action.resumeretrycount="-1"
    action.resumeinterval = "3"
)