flume-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hari Shreedharan <hshreedha...@cloudera.com>
Subject Re: syslog source - sinks without datetime/hostname
Date Tue, 16 Oct 2012 22:00:53 GMT
Hi Filip, 

The reason for this is that the Text serializer will only serialized the body of the event,
and the syslog sources write the body of the syslog event into the body of the flume event.
The hostname/timestamp/severity etc are added into the Flume Event headers. You could simply
write a serializer which writes out this information in the same format as you expect and
you will be able to see the headers in the files. You could use the Avro serializer to serialize
it into avro too, which will make sure the headers are also written out.

Hope this helps.


Hari Shreedharan

On Tuesday, October 16, 2012 at 2:27 PM, Filip Slunecko wrote:

> Hi,
> I am trying to use syslog source and sink it to hdfs or fileroller.
> Everything is working, but "saved" logs are without timestamp and
> hostname information.
> Is it possible to force flume-ng to dump those information from syslog
> header togather with body lines?
> I am using flume-ng-agent-1.2.0+24.4-1.noarch from Cloudera repository.
> Thanks,
> Filip 

View raw message