author Vincent Bernat <> 2015-09-30 14:32:07 +0200
committer Eric Leblond <> 2015-10-02 12:11:36 +0200
commit 0ea23cc7ad69556c71787a791fd8e13942540f16 (patch)
tree fb9088aa0ce3c36012e5e8caa9c7b3e12f2f3ad4 /
parent c9337b31f756cae85299c8275b21088ce02885e2 (diff)
json: output messages in JSONv1 format

While Logstash is quite flexible in the JSON messages received, the canonical format it "expects" is the JSON Event v1 format. The timestamp should be keyed by `@timestamp` and there should be a `@version` key whose value is 1. All other keys are free.

There is no formal specification of this format. It is however described here:

It's useful to respect this format as it allows a user to use a less capable receiver.

The new format is enabled only when `eventv1=1` is set in plugin configuration.

Signed-off-by: Vincent Bernat <>
Diffstat (limited to '')
1 files changed, 3 insertions, 0 deletions
diff --git a/ b/
index 8893175..9624a4b 100644
--- a/
+++ b/
@@ -209,6 +209,9 @@ sync=1
# by the input plugin is coding the action on packet: if 0, then
# packet has been blocked and if non null it has been accepted.
+# Uncomment the following line to use JSON v1 event format that
+# can provide better compatility with some JSON file reader.
#default file is /var/log/ulogd.pcap
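Review bot: the added comment misspells "compatibility" as "compatility" and says "some JSON file reader" where the plural "readers" is meant. It also tells the user to "uncomment the following line", but the line that follows in this hunk is the unrelated "#default file is /var/log/ulogd.pcap" context line, while the diffstat counts 3 insertions and the commit message names `eventv1=1`; the commented-out `eventv1=1` setting should sit directly under the comment. It would also help for the comment to state that enabling the option keys the timestamp as `@timestamp` and adds a `@version` key, so operators know the field names seen by downstream log consumers change when they turn it on.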