OK i have a solution More or less.
remote with BSD disabled
individual Input Raw on port 2514
extractor1 one for each level desired
Field matches regular expression=info
Store as field=LOGLEVEL
extractor2 one for each level desired
Replace with regular expression
Store as field=level
This results in logs showing correct log level in graylog as well as in librenms.
I think i can make these extractors more efficient using pipelines as @cawfehman but could use some help. As this is a working solution i will back burner the pipeline unless I receive some unsolicited help(plz). Thank you @Karlis and @cawfehman for your time and effort.
O and to share something in return. Here is the script i have written to pass the remote log config to all 70 or so Mikrotics in our environment.
for HOST in $(cat mkt-ip-list.txt) ; do sshpass -f ‘pass.txt’ ssh -o “StrictHostKeyChecking=no” admin@$HOST ‘/system logging action add name=graylog remote=xxx.xxx.xxx.xxx remote-port=2514 target=remote;/system logging add action=graylog topics=critical;/system logging add action=graylog topics=error;/system logging add action=graylog topics=warning;/system logging add action=graylog topics=info’ ; done
It is all one line and the mkt-ip-list.txt is a txt file with each of our mikrotik IPs on its own line