diff --git a/docs/parsers/syslog_s.md b/docs/parsers/syslog_s.md
index c21e78de..5cd594f4 100644
--- a/docs/parsers/syslog_s.md
+++ b/docs/parsers/syslog_s.md
@@ -33,7 +33,25 @@ Usage (module):
 Schema:
 {
- "foo": string,
+ "priority": integer,
+ "version": integer,
+ "timestamp": string,
+ "timestamp_epoch": integer, # [0]
+ "timestamp_epoch_utc": integer, # [1]
+ "hostname": string,
+ "appname": string,
+ "proc_id": integer,
+ "msg_id": string,
+ "structured_data": [
+ {
+ "identity": string,
+ "parameters": {
+ "": string
+ }
+ }
+ ],
+ "message": string,
+ "unparsable": string # [2]
 # below object only exists if using -qq or ignore_exceptions=True
 "_jc_meta": {
@@ -43,6 +61,11 @@ Schema:
 }
 }
+ [0] naive timestamp if "timestamp" field is parsable, else null
+ [1] timezone aware timestamp availabe for UTC, else null
+ [2] this field exists if the syslog line is not parsable. The value
+ is the original syslog line.
+
 Examples:
 $ cat syslog.txt | jc --syslog-s -p
diff --git a/jc/parsers/syslog_s.py b/jc/parsers/syslog_s.py
index fdb972ae..62cf8888 100644
--- a/jc/parsers/syslog_s.py
+++ b/jc/parsers/syslog_s.py
@@ -28,7 +28,25 @@ Usage (module):
 Schema:
 {
- "foo": string,
+ "priority": integer,
+ "version": integer,
+ "timestamp": string,
+ "timestamp_epoch": integer, # [0]
+ "timestamp_epoch_utc": integer, # [1]
+ "hostname": string,
+ "appname": string,
+ "proc_id": integer,
+ "msg_id": string,
+ "structured_data": [
+ {
+ "identity": string,
+ "parameters": {
+ "": string
+ }
+ }
+ ],
+ "message": string,
+ "unparsable": string # [2]
 # below object only exists if using -qq or ignore_exceptions=True
 "_jc_meta": {
@@ -38,6 +56,11 @@ Schema:
 }
 }
+ [0] naive timestamp if "timestamp" field is parsable, else null
+ [1] timezone aware timestamp availabe for UTC, else null
+ [2] this field exists if the syslog line is not parsable. The value
+ is the original syslog line.
+
 Examples:
 $ cat syslog.txt | jc --syslog-s -p
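Review bot: In the schema hunk of jc/parsers/syslog_s.py (`@@ -28,7 +28,25 @@`), `"proc_id": integer` does not say what a consumer receives when the process id is not numeric. If this parser targets RFC 5424, as the version, msg_id and structured_data fields suggest, PROCID may be any printable ASCII string, so an integer conversion can fail. The conversion code is outside this hunk, so please document the outcome, for example `"proc_id": integer, # [3]` with a footnote stating what is emitted for a non-integer value. Because `unparsable` is documented as the original line, a comment such as `# raw, unvalidated input; escape before rendering or re-logging` beside it would tell downstream consumers to treat it as untrusted. The same schema text is repeated in docs/parsers/syslog_s.md.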
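Review bot: In the footnote hunk of jc/parsers/syslog_s.py (`@@ -38,6 +56,11 @@`), footnote [1] misspells "available" as `availabe`, and footnote [0] does not say which timezone the naive epoch is computed in. That matters when these values are used to correlate events across hosts. If the conversion uses the local timezone of the machine running jc (the code is not in this hunk), I would write `[0] naive timestamp (local timezone of the system running jc) if "timestamp" field is parsable, else null`. For [1], `[1] timezone aware timestamp, available only when the timestamp is UTC, else null` reads more clearly, assuming that is the intended meaning. Both footnotes are duplicated in docs/parsers/syslog_s.md and need the same fix there.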