write_syslog
Writes events as syslog.
write_syslog [facility=int, severity=int, timestamp=time, hostname=string, app_name=string, process_id=string, message_id=string, structured_data=record, message=string]
Description
Writes events as RFC 5424 Syslog messages.
If an option is not specified, the operator tries to take its value from the same-named field of the input event.
facility = int (optional)
Set the facility of the syslog.
Defaults to 1 if null.
severity = int (optional)
Set the severity of the syslog.
Defaults to 6 if null.
timestamp = time (optional)
Set the timestamp of the syslog.
hostname = string (optional)
Set the hostname of the syslog.
app_name = string (optional)
Set the application name of the syslog.
process_id = string (optional)
Set the process id of the syslog.
message_id = string (optional)
Set the message id of the syslog.
structured_data = record (optional)
Set the structured data of the syslog.
message = string (optional)
Set the message of the syslog.
Examples
Create a syslog manually
from {
  facility: 1,
  severity: 1,
  timestamp: now(),
  hostname: "localhost",
  structured_data: {
    origin: {
      key: "value",
    },
  },
  message: "Tenzir",
}
write_syslog
<9>1 2025-03-31T13:28:55.971210Z localhost - - - [origin key="value"] Tenzir
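The leading `<9>` in the output above is the RFC 5424 PRI value, facility * 8 + severity. The following Python sketch is an added example, not Tenzir's code: it rebuilds the line from the same fields, applies the documented defaults (facility 1, severity 6), and escapes structured-data values as RFC 5424 requires so that a value cannot close the element early. The function names, the `-` for an absent timestamp, and the range check follow RFC 5424 and are assumptions about anything beyond what this page states.

```python
from datetime import datetime, timezone

NIL = "-"  # RFC 5424 NILVALUE, written for absent header fields


def escape_sd_value(value) -> str:
    # RFC 5424 section 6.3.3: backslash, '"' and ']' must be backslash-escaped
    # inside a PARAM-VALUE. Backslash goes first so escapes are not doubled.
    out = str(value)
    for ch in ("\\", '"', "]"):
        out = out.replace(ch, "\\" + ch)
    return out


def format_structured_data(sd) -> str:
    # Record of records -> [id key="value" ...]; empty or missing -> NILVALUE.
    if not sd:
        return NIL
    elements = []
    for sd_id, params in sd.items():
        pairs = "".join(f' {k}="{escape_sd_value(v)}"' for k, v in params.items())
        elements.append(f"[{sd_id}{pairs}]")
    return "".join(elements)


def format_syslog(event: dict) -> str:
    # Defaults documented on this page: facility 1 and severity 6 when null.
    facility = 1 if event.get("facility") is None else event["facility"]
    severity = 6 if event.get("severity") is None else event["severity"]
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0..23 and severity 0..7")
    pri = facility * 8 + severity  # 1 * 8 + 1 = 9 in the example above
    ts = event.get("timestamp")  # assumed to be a timezone-aware datetime
    ts_text = NIL if ts is None else ts.astimezone(timezone.utc).strftime(
        "%Y-%m-%dT%H:%M:%S.%fZ")
    names = ("hostname", "app_name", "process_id", "message_id")
    header = [ts_text] + [event.get(name) or NIL for name in names]
    line = " ".join([f"<{pri}>1"] + header
                    + [format_structured_data(event.get("structured_data"))])
    message = event.get("message")
    return line if message is None else f"{line} {message}"
```
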