示例JSON配置模板: 我想将dateFormat更改为UTC以统一不同客户的TZ
template(name="json-template" type="list") {
constant(value="{")
constant(value="\"@timestamp\":\"")
property(name="timereported" dateFormat="rfc3339")
constant(value="\",\"@version\":\"1")
constant(value="\",\"message\":\"")
property(name="msg" format="json")
constant(value="\",\"sysloghost\":\"")
property(name="hostname")
constant(value="\",\"severity\":\"")
property(name="syslogseverity-text")
constant(value="\",\"facility\":\"")
property(name="syslogfacility-text")
constant(value="\",\"programname\":\"")
property(name="programname")
constant(value="\",\"procid\":\"")
property(name="procid")
constant(value="\"}\n")
}
答案 0 :(得分:0)
如果您知道时区,可以这样做:
template(name="json-template" type="list") {
constant(value="{")
constant(value="\"@timestamp\":\"")
property(name="timereported" dateFormat="year")
constant(value="-") property(name="timereported" dateFormat="month")
constant(value="-") property(name="timereported" dateFormat="day")
constant(value="T") property(name="timereported" dateFormat="hour")
constant(value=":") property(name="timereported" dateFormat="minute")
constant(value=":") property(name="timereported" dateFormat="second")
constant(value="+00:00")
...
如果您愿意,将时间重新计算到您的时区,请参阅此处:
http://www.rsyslog.com/doc/v8-stable/configuration/templates.html 和 http://www.rsyslog.com/doc/v8-stable/configuration/property_replacer.html
或在源代码中:
https://github.com/rsyslog/rsyslog/blob/master/runtime/msg.c
并使用-utc功能,例如:now-utc,year-utc,...
祝你好运欧文