When using the syslog output, it's not possible to specify the 'severity' using a field - only static strings (contained in the plugin's SEVERITY_LABELS array) may be passed.
It would be very useful to be able to do this:
But this fails with the error:
The plugin is more or less useless if the severity can't be set by a variable.
My suggested fix is:
logstash / lib / logstash / outputs / syslog.rb
config :severity, :validate => SEVERITY_LABELS, :required => true
config :severity, :validate => :string, :required => true
severity_code = SEVERITY_LABELS.index(@severity)
severity = event.sprintf(@severity)
severity_code = SEVERITY_LABELS.index(severity)
This might give an index exception if severity isn't a member of SEVERITY_LABELS but that can give an error message (I don't know how to do that in Ruby).