Hi Did you solve this problem?
I have this exact issue and so far I have found a way of retaining information using pack.
i.e.
- job_name: syslog
syslog:
listen_address: 0.0.0.0:1514 # make sure you also expose this port on the container
idle_timeout: 60s
label_structured_data: no
labels:
job: "syslog"
relabel_configs:
- source_labels: ['__syslog_message_hostname']
target_label: 'host'
- source_labels: ['__syslog_message_app_name']
target_label: 'app_name'
- source_labels: ['__syslog_message_proc_id']
target_label: 'proc_id'
- source_labels: ['__syslog_message_msg_id']
target_label: 'msg_id'
- source_labels: ['__syslog_connection_ip_address']
target_label: 'ip_address'
- source_labels: ['__syslog_connection_hostname']
target_label: 'hostname'
- source_labels: ['__syslog_message_severity']
target_label: 'severity'
- source_labels: ['__syslog_message_facility']
target_label: 'facility'
pipeline_stages:
- match:
selector: '{job="syslog"}' #match all
stages:
- pack:
labels:
- proc_id
- msg_id
- ip_address
- hostname
- severity
- facility
This results in outputs that are in json. format. it also means if the original json then it is json inside json as an escaped string which is not ideal.
Here is an example:
