Jon Skarpeteig jskarpe

jskarpe / gist:5716947
Last active December 18, 2015 03:19 — forked from faleev/gist:3435377
filter {
  # strip the syslog PRI part and create facility and severity fields.
  # the original syslog message is saved in field %{syslog_raw_message}.
  # the extracted PRI is available in the %{syslog_pri} field.
  #
  # You get %{syslog_facility_code} and %{syslog_severity_code} fields.
  # You also get %{syslog_facility} and %{syslog_severity} fields if the
  # use_labels option is set True (the default) on syslog_pri filter.
  grok {
    type => "syslog-relay"