Dan Nemec dantheautomator
dantheautomator
/ logstash filter for nxlog json
Last active
October 2, 2019 17:30
Using nxlog to rename fields to match logstash syslog input. Yes, I could have just sent the raw message to the logstash syslog input, but this taught me a lot about nxlog and some of this is not well documented.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter { | |
| if [nxtags] == "nxlogsyslog" { | |
| mutate { | |
| add_field => [ "type", "%{nxtags}" ] | |
| replace => [ "host", "%{Hostname}" ] | |
| } | |
| # Parse the date 2014-02-27 14:57:04 - Needed to set timezone value to nxlog server's timezone | |
| date { |