Hello, I have not found a lot of examples outside of the GitHub README on this subject. I have json_v2 data that I am retrieving from an API that I would like to push to a generic syslog server. I don’t seem to clearly understand the sdids data parsing and need help to see where I am going wrong, or are there perhaps bugs in the syslog output plugin that I might be tripping because of all of the ‘\n’ and ‘@’ special characters?
Here is the data that is printed when I output to stdout:
scc-change-logs,host=draco events_description="Changed ASA Config",events_diff="@@ -5,1 +5,1 @@\\n-: Written by lockhart at 18:53:02.210 UTC Tue Oct 8 2024\\n+: Written by lockhart at 19:24:54.048 UTC Wed Oct 9 2024\\n@@ -135,2 +135,0 @@\\n-object network 1.1.1.1\\n-host 1.1.1.1\\n@@ -239,0 +237,2 @@\\n+object network 1.1.1.1\\n+host 1.1.1.1\\n@@ -1108,1 +1108,1 @@\\n-Cryptochecksum:b06f479add1a10f8388a2958d0ee0018\\n+Cryptochecksum:b858dfb10323f3dbc9694a49b8c94168",events_username="me@domain.com",events_date="2024-10-09T19:26:08Z",events_action="UPDATE",uid="544ee602-1f4c-4f5f-bbd2-365d865d78b3",status="COMPLETED",lastEventDate="2024-10-09T19:26:13Z",entityUid="6b580296-7199-47b5-9736-9b91329c284e" 1728577800000000000
Syslog Output Config:
[[outputs.syslog]]
address = "udp://192.168.3.50:10019"
default_sdid = "events2"
sdids = ["events_description", "events_diff", "events_username", "events_date", "events_action"]
Syslog Server Receives this: (Checked a packet capture and the missing characters are missing in the payload so this is not something the syslog server is mangling. The data is being transmitted this way.)
"message": "325 <13>1 2024-10-10T16:32:01Z draco Telegraf - scc-change-logs [events2 lastEventDate=\"2024-10-09T19:26:13Z\"][events_description action=\"UPDATE\" ate=\"2024-10-09T19:26:08Z\" atus=\"COMPLETED\" ff=\"\" username=\"me@domain.com\" yUid=\"6b580296-7199-47b5-9736-9b91329c284e\"][events_username id=\"544ee602-1f4c-4f5f-bbd2-365d865d78b3\"]",
Thanks in advance for any advice!
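Added example, not part of the original post and not Telegraf's own code: a small Go model that derives the parameter names seen in the received message from the field keys and `sdids` list above. It assumes each `sdids` entry plus a `_` separator is stripped from the field key as a set of characters rather than as a whole prefix; `mapKey` and the `events` SD-ID in the second run are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed from the post: the sdids list and the field keys of the metric.
var sdids = []string{"events_description", "events_diff", "events_username",
	"events_date", "events_action"}
var fields = []string{"events_description", "events_diff", "events_username",
	"events_date", "events_action", "uid", "status", "lastEventDate", "entityUid"}

// mapKey (hypothetical helper) returns the SD-ID and SD-PARAM name for a field key.
// cutset=true strips any leading characters that occur in id+sep (the assumed
// cause of the clipped names); cutset=false strips id+sep only as a whole prefix.
// sep "_" is an assumption about the separator in use.
func mapKey(key string, ids []string, sep, def string, cutset bool) (string, string) {
	for _, id := range ids {
		name := strings.TrimPrefix(key, id+sep)
		if cutset {
			name = strings.TrimLeft(key, id+sep)
		}
		if len(name) < len(key) {
			return id, name
		}
	}
	// No SD-ID matched: the key goes under the default SD-ID.
	return def, strings.TrimPrefix(key, def+sep)
}

func main() {
	fmt.Println("character-set trim, sdids from the post:")
	for _, f := range fields {
		id, name := mapKey(f, sdids, "_", "events2", true)
		fmt.Printf("  %-18s -> [%s %q]\n", f, id, name)
	}
	fmt.Println("whole-prefix trim, sdids = [\"events\"] (hypothetical):")
	for _, f := range fields {
		id, name := mapKey(f, []string{"events"}, "_", "events2", false)
		fmt.Printf("  %-18s -> [%s %q]\n", f, id, name)
	}
}
```

Under the character-set assumption the model yields `ate`, `atus`, `ff`, `yUid`, and `id` under `events_username`, the same names as in the captured payload; with a single `events` prefix matched as a whole, the `events_*` keys keep their full names after the separator.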