I have a source using the syslog protocol in fluentd, but the line is not fully syslog compliant.

142>May 31 16:22:56 haproxy[77]: {"ident":"haproxy","client_ip":"172.20.1.3","c....}

I need to parse the json part before submitting it to elasticsearch/kibana.

How would you do that? This gives me "failed to parse message data":

<source>
  @type syslog
  port 514
  tag haproxy-logs
  <parse>
    @type json
  </parse>
  key_name log
</source>

I also tried a standard syslog input without parsing, and a filter with a JSON parser, but without success. Thanks.
