Hi Team,

I am trying to achieve ingesting json logs with nxlog community edition. Is that possible? And wanted to know if below condition can be achieved with nxlog config file?

if auth_spf == pass then insert Tag DMARC aligned True OR if auth_dkim == pass then insert Tag DMARC aligned True OR if auth_spf || auth_dkim == pass then insert Tag DMARC aligned True

TIA Blason R

Hello,

Our application writes logs in JSON format so it's quite straightforward to send them to Elasticsearch using om_http module. However we need to enrich JSON logs with additional information like application name. I was searching for the solution and found that I could do the following:

<Output elasticsearch>
    Module      om_http
    URL            (server_url)
    ContentType application/json
    Exec        set_http_request_path(strftime(now(), "/test-%Y.%m/log/"));
    Exec        parse_json(); $Application="MyApp"; to_json();
</Output>

The last line in the output specification make sure the json payload is first parsed and then generated again, enriched with a new field "Application". I wonder if this is a right approach or there are other alternatives.

Thanks in advance