Support structured messages

master
Daniel Berteaud 6 years ago
parent 8293c3ec4e
commit 66599fc380
  1. 11
      systemd-journal-gelf

@ -69,7 +69,7 @@ if (-e $conf->{state}){
} }
} }
open JOURNAL, "journalctl -f -o json$cursor_arg |"; open JOURNAL, "/usr/bin/journalctl -f -o json$cursor_arg |";
while (my $entry = <JOURNAL>){ while (my $entry = <JOURNAL>){
my $msg = from_json($entry); my $msg = from_json($entry);
my $gelf = { my $gelf = {
@ -79,6 +79,15 @@ while (my $entry = <JOURNAL>){
timestamp => int ($msg->{__REALTIME_TIMESTAMP} / (1000 * 1000)), timestamp => int ($msg->{__REALTIME_TIMESTAMP} / (1000 * 1000)),
level => $msg->{PRIORITY} level => $msg->{PRIORITY}
}; };
# Now lets look at the message. If it starts with gelf: we can split it and have further
# fields to send. I use this to handle httpd or nginx logs for example
if ($msg->{MESSAGE} =~ m/^gelf:([a-zA-Z\d]+=([^\|])\|?)+/){
$msg->{MESSAGE} =~ s/^gelf://;
foreach (split /\|/, $msg->{MESSAGE}){
my ($key,$val) = split /=/, $_;
$gelf->{'_' . lc $key} = $val;
}
}
foreach (grep !/^MESSAGE|_HOSTNAME|__REALTIME_TIMESTAMP|PRIORITY$/, keys %$msg){ foreach (grep !/^MESSAGE|_HOSTNAME|__REALTIME_TIMESTAMP|PRIORITY$/, keys %$msg){
my $key = lc (($_ =~ m/^_/) ? $_ : '_' . $_); my $key = lc (($_ =~ m/^_/) ? $_ : '_' . $_);
$gelf->{$key} = $msg->{$_}; $gelf->{$key} = $msg->{$_};

Loading…
Cancel
Save