= parse_log :type: processor :status: stable :categories: ["Parsing"] //// THIS FILE IS AUTOGENERATED! To make changes, edit the corresponding source file under: https://github.com/redpanda-data/connect/tree/main/internal/impl/. And: https://github.com/redpanda-data/connect/tree/main/cmd/tools/docs_gen/templates/plugin.adoc.tmpl //// // © 2024 Redpanda Data Inc. component_type_dropdown::[] Parses common log <> into <>. This is easier and often much faster than xref:components:processors/grok.adoc[`grok`]. [tabs] ====== Common:: + -- ```yml # Common config fields, showing default values label: "" parse_log: format: "" # No default (required) ``` -- Advanced:: + -- ```yml # All config fields, showing default values label: "" parse_log: format: "" # No default (required) best_effort: true allow_rfc3339: true default_year: current default_timezone: UTC ``` -- ====== == Fields === `format` A common log <> to parse. *Type*: `string` Options: `syslog_rfc5424` , `syslog_rfc3164` . === `best_effort` Still returns partially parsed messages even if an error occurs. *Type*: `bool` *Default*: `true` === `allow_rfc3339` Also accept timestamps in rfc3339 format while parsing. Applicable to format `syslog_rfc3164`. *Type*: `bool` *Default*: `true` === `default_year` Sets the strategy used to set the year for rfc3164 timestamps. Applicable to format `syslog_rfc3164`. When set to `current` the current year will be set, when set to an integer that value will be used. Leave this field empty to not set a default year at all. *Type*: `string` *Default*: `"current"` === `default_timezone` Sets the strategy to decide the timezone for rfc3164 timestamps. Applicable to format `syslog_rfc3164`. This value should follow the https://golang.org/pkg/time/#LoadLocation[time.LoadLocation^] format. *Type*: `string` *Default*: `"UTC"` == Codecs Currently the only supported structured data codec is `json`. == Formats === `syslog_rfc5424` Attempts to parse a log following the https://tools.ietf.org/html/rfc5424[Syslog RFC5424^] spec. The resulting structured document may contain any of the following fields: - `message` (string) - `timestamp` (string, RFC3339) - `facility` (int) - `severity` (int) - `priority` (int) - `version` (int) - `hostname` (string) - `procid` (string) - `appname` (string) - `msgid` (string) - `structureddata` (object) === `syslog_rfc3164` Attempts to parse a log following the https://tools.ietf.org/html/rfc3164[Syslog rfc3164] spec. The resulting structured document may contain any of the following fields: - `message` (string) - `timestamp` (string, RFC3339) - `facility` (int) - `severity` (int) - `priority` (int) - `hostname` (string) - `procid` (string) - `appname` (string) - `msgid` (string)