https://www.rsyslog.com/files/temp/doc-indent/configuration/modules/omelasticsearch.html


Default value of template=" ... " is

$template JSONDefault,
"{\"message\":\"%msg:::json%\",\"fromhost\":\"%HOSTNAME:::json%\",\"facility\":\"%syslogfacility-text%\",\"priority\":\"%syslogpriority-text%\",\"timereported\":\"%timereported:::date-rfc3339%\",\"timegenerated\":\"%timegenerated:::date-rfc3339%\"}"



This does not look like JSON CEE.

Therefore, if other applications are submitting CEE events[1] to
rsyslog, they do not use the same field names.

Which JSON schema (if any) does the JSONDefault value attempt to comply
with?

Is there a recommended value of JSONDefault for CEE fields?

Regards,

Daniel

1. https://cee.mitre.org/language/1.0-beta1/core-profile.html