syslog-ng Open Source Edition 3.16 - Release Notes

Table of Contents

Supported platforms New Features Resolved Issues Known Issues Product Licensing Upgrade and Installation Instructions More resources About us

Third-party contributions

GNU General Public License

Preamble TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

Section 0 Section 1 Section 2 Section 3 Section 4 Section 5 Section 6 Section 7 Section 8 Section 9 Section 10 NO WARRANTY Section 11 Section 12

How to Apply These Terms to Your New Programs

GNU Lesser General Public License License attributions

map-value-pairs: Rename value-pairs to normalize logs

map-value-pairs: Rename value-pairs to normalize logs

The map-value-pairs() parser allows you to map existing name-value pairs to a different set of name-value pairs. You can rename them in bulk, making it easy to use for log normalization tasks (for example, when you parse information from different log messages, and want to convert them into a uniform naming scheme). You can use the normal value-pairs expressions, similarly to value-pairs based destinations.

Available in syslog-ng OSE version 3.10 and later.

Declaration:

parser parser_name {
    map-value-pairs(
        <list-of-value-pairs-options>
    );
};

Example: Map name-value pairs

The following example creates a new name-value pair called username, adds the hashed value of the .apache.username to this new name-value pair, then adds the webserver prefix to the name of every name-value pair of the message that starts with .apache

parser p_remap_name_values {
    map-value-pairs(
        pair("username", "'($sha1 $.apache.username)")
        key('.apache.*' rekey(add-prefix("webserver")))
    );
};

Was this topic helpful?

[Select Rating]

Related Documents

© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy