Dustin

Thu, 15 Jun 2023 15:07:49 UTC

Example Log event coming in via Syslog ```{ "_timestamp": 1686841590000000, "appname": "filterlog", "facility": "local0", "hostname": "", "message": "13,,,02f4bab031b57d1e30553ce08e0ec131,vlan01,match,block,in,4,0x0,,64,35751,0,DF,17,udp,32,10.0.1.1,255.255.255.255,53299,10001,12", "meta_sequenceid": "637776", "procid": 94059, "severity": "info", "version": 1 }``` VRL Script only working during query not during ingestion ```if .appname == "filterlog" { ts = ._timestamp # store value of _timestamp in ts test = parse_csv!(.message) .rulenr = test[0] .subrulenr = test[1] .anchorname = test[2] .label = test[3] .interface = test[4] .reason = test[5] .action = test[6] .dir = test[7] .ipversion = test[8] .tos = test[9] .ecn = test[10] .ttl = test[11] .id = test[12] .offset = test[13] .flags = test[14] .protonum = test[15] .protoname = test[16] .length = test[17] .src = test[18] .dest = test[19] ._timestamp = ts #set value of _timestamp from ts . # return record }``` Can you please assist if I am doing something wrong?

Hengfei

Thu, 15 Jun 2023 15:10:14 UTC

Ashish i remember we don't support vrl function for syslog ingestion?

Ashish

Thu, 15 Jun 2023 15:16:49 UTC

We don't support vrl functions on syslog

Dustin

Thu, 15 Jun 2023 15:18:18 UTC

Gotcha, Is there a list of ingestions that support VRL?

Ashish

Thu, 15 Jun 2023 15:20:10 UTC

Except for traces & syslog

Ashish

Thu, 15 Jun 2023 15:20:32 UTC

We support functions on all other ingestion end points

VRL Support on Syslog Ingestion

Dustin

Hengfei

Ashish

Dustin

Ashish

Ashish

OpenObserve

Similar Threads