github.com/observiq/carbon@v0.9.11-0.20200820160507-1b872e368a5e/docs/operators/syslog_parser.md

## `syslog_parser` operator

The `syslog_parser` operator parses the string-type field selected by `parse_from` as syslog. Timestamp parsing is handled automatically by this operator.

### Configuration Fields

| Field | Default | Description |
| --- | --- | --- |
| `id` | `syslog_parser` | A unique identifier for the operator |
| `output` | Next in pipeline | The connected operator(s) that will receive all outbound entries |
| `parse_from` | $ | A [field](/docs/types/field.md) that indicates the field to be parsed as syslog |
| `parse_to` | $ | A [field](/docs/types/field.md) that indicates where the parsed result will be written |
| `preserve` | false | Preserve the unparsed value on the record |
| `on_error` | `send` | The behavior of the operator if it encounters an error. See [on_error](/docs/types/on_error.md) |
| `protocol` | required | The protocol to parse the syslog messages as. Options are `rfc3164` and `rfc5424` |

### Example Configurations

#### Parse the field `message` as syslog

Configuration:
```yaml
- type: syslog_parser
  protocol: rfc3164
```

<table>
<tr><td> Input record </td> <td> Output record </td></tr>
<tr>
<td>

```json
{
  "timestamp": "",
  "record": "<34>Jan 12 06:30:00 1.2.3.4 apache_server: test message"
}
```

</td>
<td>

```json
{
  "timestamp": "2020-01-12T06:30:00Z",
  "record": {
    "appname": "apache_server",
    "facility": 4,
    "hostname": "1.2.3.4",
    "message": "test message",
    "msg_id": null,
    "priority": 34,
    "proc_id": null,
    "severity": 2
  }
}
```

</td>
</tr>
</table>
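
The field mapping in the example record can be reproduced by hand. The Go sketch below is an added example, not the operator's own code: it decodes an `rfc3164` line into the same fields, splits the priority into facility and severity, and rejects a line with no valid header or an out-of-range priority. The names `ParseRFC3164` and `Entry`, the regular expression, and the caller-supplied year are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"time"
)

// Hypothetical pattern for this example: "<PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG".
var rfc3164 = regexp.MustCompile(
	`^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) ([^\s:\[]+)(?:\[(\d+)\])?: ?(.*)$`)

// Entry mirrors the fields of the output record shown in the table.
type Entry struct {
	Timestamp                          time.Time
	Priority, Facility, Severity       int
	Hostname, Appname, ProcID, Message string
}

// ParseRFC3164 decodes one line. The RFC 3164 header carries no year or
// time zone, so the caller supplies the year and the result is in UTC.
func ParseRFC3164(line string, year int) (Entry, error) {
	m := rfc3164.FindStringSubmatch(line)
	if m == nil {
		return Entry{}, fmt.Errorf("not an RFC 3164 message: %q", line)
	}
	pri, _ := strconv.Atoi(m[1]) // the pattern guarantees 1-3 digits
	if pri > 191 {               // facilities 0-23, severities 0-7: max is 23*8+7
		return Entry{}, fmt.Errorf("priority %d out of range", pri)
	}
	ts, err := time.Parse("2006 Jan _2 15:04:05", strconv.Itoa(year)+" "+m[2])
	if err != nil {
		return Entry{}, err
	}
	return Entry{Timestamp: ts, Priority: pri, Facility: pri / 8, Severity: pri % 8,
		Hostname: m[3], Appname: m[4], ProcID: m[5], Message: m[6]}, nil
}

func main() {
	// Input taken from the example record above.
	e, err := ParseRFC3164("<34>Jan 12 06:30:00 1.2.3.4 apache_server: test message", 2020)
	fmt.Printf("%+v %v\n", e, err)
}
```

Hostname, appname and message come straight from the sender, so downstream operators should treat them as untrusted input.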