rsyslog-elasticsearch-kibana
adding field types.
Hey @pschiffe, I love your approach:
# Template "elasticsearch-json": renders each message as one JSON object for
# Elasticsearch. It emits "{", then the timestamp as a JSON field (format="jsonf"
# renders it as "timestamp":"<rfc3339>", with JSON escaping), then ",", then the
# $!all-json rendering starting at its 2nd character.
# NOTE(review): position.from="2" drops the first character of $!all-json —
# presumably its opening "{" — so the locally set $! fields merge into the object
# opened by the constant above. If $!all-json were ever empty the result would
# not be valid JSON; confirm every message path sets at least one $! variable.
template(name="elasticsearch-json" type="list") {
constant(value="{")
property(name="timestamp" dateFormat="rfc3339" format="jsonf")
constant(value=",")
property(name="$!all-json" position.from="2")
}
# add interesting properties from rsyslog to $!all-json
# (every local $! variable assigned below becomes a key in $!all-json)
# NOTE(review): $hostname is the host name carried inside the message and is
# therefore sender-controlled; $fromhost-ip (not used here) comes from the
# receiving connection — confirm which one you want for attribution.
set $!host = $hostname;
set $!facility = $syslogfacility-text;
set $!severity = $syslogseverity-text;
set $!tag = $syslogtag;
# $msg is untrusted message content; it is carried as an opaque JSON string,
# so no structure or type is enforced here — that belongs on the indexing side.
set $!message = $msg;
It's brilliant, as it allows a novice like me to easily change and edit the template. Now, I have been working on it for a couple of weeks, but I really want to add field types. Is this at all possible when defining the variables the way you did in the conf?
Here's my template. I am looking for the syntax, if it exists, for something like this:
set $!source_ip = $fromhost-ip; type = ip;
# Index-name template. NOTE(review): the comment originally said
# rsyslog-YYYY.MM.DD, but %$DAY%.%$MONTH%.%$YEAR% renders day-first, i.e.
# rsyslog-DD.MM.YYYY; reorder the three properties if YYYY.MM.DD is intended.
template(name="rsyslog-index" type="string" string="rsyslog-%$DAY%.%$MONTH%.%$YEAR%")
# Template "json-syslog": formats each message as a JSON object for
# Elasticsearch. The timestamp field is emitted with format="jsonf", so its JSON
# key is the property name "timestamp" — not "@timestamp" as the original
# comment suggested; rename via outname if "@timestamp" is required (TODO confirm).
# position.from="2" skips the first character of $!all-json — presumably its
# opening "{" — so the $! fields set below merge into the object opened by
# the first constant.
template(name="json-syslog" type="list") {
constant(value="{")
property(name="timestamp" dateFormat="rfc3339" format="jsonf")
constant(value=",")
property(name="$!all-json" position.from="2")
}
# add interesting properties from rsyslog to $!all-json
# (every local $! variable assigned below becomes a key in $!all-json)
# NOTE(review): no type is declared here; a `set` carries only the property's
# string/number value. Field typing is normally applied where the index is
# mapped, not in this template — confirm against the Elasticsearch side.
# $hostname is taken from the message itself (sender-controlled); $fromhost and
# $fromhost-ip describe the sending system as seen by this rsyslog instance,
# so $!source_ip is the more trustworthy attribution field.
set $!hostc = $hostname;
set $!source_host = $fromhost;
set $!source_ip = $fromhost-ip;
set $!program = $programname;
set $!facilitynr = $syslogfacility;
# NOTE(review): "serveritynr" looks like a typo of "severitynr"; renaming it
# changes the emitted JSON key, so any dashboard using it must be updated too.
set $!serveritynr = $syslogseverity;
set $!priority = $syslogpriority;
set $!rsys_module = $inputname;
# $!host duplicates $!source_host (both = $fromhost).
set $!host = $fromhost;
set $!facility = $syslogfacility-text;
set $!severity = $syslogseverity-text;
set $!tag = $syslogtag;
# Both the parsed message and the raw message are indexed; they contain
# untrusted sender content and roughly double the stored text per event.
set $!msg = $msg;
set $!org_msg = $rawmsg;
Thanks!