Confused around @variables, builtins

This PR exists for syslog-pri https://github.com/logstash/cookbook/pull/86

I suppose that central-syslog needs a complete review, registered this issue in the cookbook
https://github.com/logstash/cookbook/issues/93

Thanks for the clarification, Jordan. I was coming into logstash from a syslog centralisation viewpoint, and the cookbook for both standalone and central syslogs use both 'message' and '@message' fields. The '@' prefix looked like it was a system variable (re:timestamp and version), but it didn't seem to flow that way with '@message' in those examples.

I found it puzzling watching the debug console (or kibana), because every log line seemed to be recorded twice, once each in message and @message.

Perhaps put the syslog cookbook entries on the documentation cleanup radar? There's one or two other @-prefixed variables that aren't timestamp/version in there as well.
http://cookbook.logstash.net/recipes/central-syslog/
http://cookbook.logstash.net/recipes/syslog-pri/

In logstash 1.2 there are only two fields guaranteed to be present in every event, @timestamp and @version. @timestamp contains the time the event occurred at. @version is just a version for the schema that represents this event, it is currently "1" and I don't expect it to change any time soon.

The '@' prefixing is to avoid conflicting with any fields you might have in your own events. This choice of using "@" was because I've never seen anyone use this as a prefix yet, so it seemed a good choice.

In terms of "What is the difference" - functionally speaking, a field is a field. The name of that field doesn't matter.

Does this help explain things?

@message isn't a thing anymore.

I have the same problem. What is the difference between message and @message?