Hello everyone,
I am considering Graylog to centralize logs from my Linux devices. The logs will come via syslog and may have three kinds of messages:
- messages from various services (auth, database, …) whose format I do not control
- messages from my own applications, whose format I control but which is free text (such as `error 13: the oven stopped, rebooting the building`)
- messages from my own application, coming in as JSON (such as `{"error": 13, "description": "the oven stopped", "action": "rebooting the building"}`)

The first two categories would be left as is, or possibly parsed with an extractor.
Now, I would like the third kind to be parsed as JSON and the fields added automatically (`error`, `description` and `action` in the example above).
Is this something which is possible to do (this is equivalent to a Python `update` of the stored dict, with the information from the message part of the event)?
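
The dict-update behaviour described in the question, sketched in Python as an added example (not part of the original post and not Graylog's own code). The function name, the `RESERVED` set, the `json_` prefix and the sample events other than the two messages quoted in the post are assumptions made for illustration.

```python
import json

# Assumption: event fields that a message payload must not be able to overwrite.
RESERVED = {"message", "source", "timestamp"}


def merge_json_message(event, prefix="json_"):
    """Return a copy of `event` with the fields of a JSON-object message merged in.

    Free-text messages, and JSON that is not an object, are returned unchanged,
    so the first two kinds of message pass through untouched.
    """
    merged = dict(event)
    try:
        payload = json.loads(event.get("message", ""))
    except ValueError:
        return merged  # not JSON at all: leave it as free text
    if not isinstance(payload, dict):
        return merged  # valid JSON such as "13" or "[1, 2]" is not a field map
    for key, value in payload.items():
        # Nested values are stored as JSON text so every stored field stays flat.
        if isinstance(value, (dict, list)):
            value = json.dumps(value, sort_keys=True)
        # A payload key that collides with a reserved field is kept under a
        # prefix instead of replacing the value set by the collector.
        name = prefix + key if key in RESERVED else key
        merged[name] = value
    return merged


# Constructed sample events; "source" stands for the host the collector recorded.
SAMPLES = [
    {"source": "gw01", "message": "sshd[812]: Accepted publickey for admin from 192.0.2.10"},
    {"source": "oven-ctl", "message": "error 13: the oven stopped, rebooting the building"},
    {"source": "oven-ctl", "message": '{"error": 13, "description": "the oven stopped", '
                                      '"action": "rebooting the building"}'},
    {"source": "oven-ctl", "message": '{"error": 13, "source": "fake-host"}'},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(merge_json_message(sample))
```

The prefixing step matters when the application writing the JSON is less trusted than the collector: without it, a payload containing `source` or `timestamp` would rewrite the metadata that searches and alerts rely on.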