These are Collectors that receive JSON input and unmarshal it into an internal Event struct.
There are currently two available implementations:
- The JsonEventCollector
- The JsonPayloadCollector
The JsonEventCollector expects a valid JSON representation of a Tornado Event as input. Tornado uses it internally to unmarshal Events received, for example, from a TCP or UDS socket.
The JSON input format should respect the Event structure, for example:
{
  "type": "email",
  "created_ms": 1554130814854,
  "payload": {
    "subject": "Email subject",
    "body": "Email body",
    "other": {
      "some_text": "some text",
      "a_bool": true,
      "a_number": 123456.789,
      "something_else": {}
    }
  }
}
The JsonPayloadCollector receives any valid JSON object and creates a Tornado Event whose payload is that input. For example, the following input:
{
  "@timestamp": "2018-11-01T23:59:59+01:00",
  "host": "neteye01",
  "hostgroups": [
    "windows",
    "database",
    "rome"
  ],
  "icinga_customfields": {
    "snmpcommunity": "secret",
    "os": "windows"
  },
  "severity": "DEBUG",
  "facility": "daemon",
  "syslog-tag": "nfcapd[20747]:",
  "source": "nfcapd",
  "message": " Process_v9: Found options flowset: template 259"
}
will generate this Event:
{
  "type": "event_type_from_config",
  "created_ms": 1554130814854,
  "payload": {
    "@timestamp": "2018-11-01T23:59:59+01:00",
    "host": "neteye01",
    "hostgroups": [
      "windows",
      "database",
      "rome"
    ],
    "icinga_customfields": {
      "snmpcommunity": "secret",
      "os": "windows"
    },
    "severity": "DEBUG",
    "facility": "daemon",
    "syslog-tag": "nfcapd[20747]:",
    "source": "nfcapd",
    "message": " Process_v9: Found options flowset: template 259"
  }
}
The Event "type" property must be specified when the collector is instantiated.
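The difference between the two collectors, as an added Python model that is not Tornado's own code: one accepts only a complete Event, the other wraps any JSON object under an Event type fixed at instantiation. The function names, the field types (inferred from the sample Event), the tolerance of extra fields, and setting created_ms at collection time are assumptions of this sketch.

```python
import json
import time

# Assumed from the sample Event on this page: field name -> expected JSON type.
EVENT_FIELDS = {"type": str, "created_ms": int, "payload": dict}


def _load_object(raw):
    """Parse raw JSON text and insist on a top-level object."""
    try:
        value = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"invalid JSON: {exc}") from exc
    if not isinstance(value, dict):
        raise ValueError("top-level JSON value must be an object")
    return value


def json_event_collect(raw):
    """Model of JsonEventCollector: the input must already be a complete Event."""
    event = _load_object(raw)
    for name, expected in EVENT_FIELDS.items():
        value = event.get(name)
        # bool is a subclass of int in Python, so exclude it explicitly.
        if not isinstance(value, expected) or isinstance(value, bool):
            raise ValueError(f"Event field {name!r} missing or not {expected.__name__}")
    return event


def make_json_payload_collector(event_type, clock=lambda: int(time.time() * 1000)):
    """Model of JsonPayloadCollector: the Event type is fixed at instantiation."""
    def collect(raw):
        # The whole input object becomes the payload, unchanged.
        return {"type": event_type, "created_ms": clock(), "payload": _load_object(raw)}
    return collect


if __name__ == "__main__":
    collect = make_json_payload_collector("event_type_from_config")
    # Constructed input, shortened from the syslog sample above.
    print(collect('{"host": "neteye01", "severity": "DEBUG"}'))
    # Constructed malformed inputs: wrong top-level type, missing fields, truncated JSON.
    for bad in ('["not", "an", "object"]', '{"type": "email"}', "{truncated"):
        try:
            json_event_collect(bad)
        except ValueError as err:
            print("rejected:", err)
```

Because the payload collector copies the input object verbatim, fields such as "snmpcommunity" in the sample arrive in the Event payload unchanged.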