Newline characters in syslog output

brandonstark · June 30, 2020, 11:18am

My incoming syslog has newline characters.
In Kibana I see the messages as multiline text.
The outgoing syslog messages change the newlines to literal "\n".
For example, the incoming message:

incoming
message

appears in the syslog output as:

incoming\nmessage

How do I get the outgoing syslog messages to have newline characters, as the incoming syslog message does?

This is my pipeline:

input {
    syslog {
        grok_pattern => "<%{POSINT:priority}>%{GREEDYDATA:syslogmessage}"
    }
}
output {
    elasticsearch { 
        hosts => ["elasticsearch:9200"]
    }
    syslog {
        host => "10.4.1.4"
        port => 514
        message => "%{syslogmessage}"
    }
}

system · July 28, 2020, 11:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.