You're showing a logstash parsing, extracted from a message formatted using syslog. All the magic should be in the pattern line (log4j.appender.myappender.layout.ConversionPattern=[%c] %m%).
And logstash failed to parse the line anyway (see the _grokparsefailure).
Did you try to send native log4j event to logstash, using custom appenders like my own : https://github.com/fbacchella/ZMQAppender
> Le 11 mai 2016 à 08:20, Dominique Taffin <dominique.taffin@1und1.de> a écrit :
>
> Hello!
>
> Thank you for your reply. Unfortunately, it does not include the hostname with header=true.
> The following is received by the logserver:
>
> {
> "_index": "ovirt-2016.05.11",
> "_type": "syslog",
> "_id": "AVSedM6EH9SU2r3j0ihk",
> "_score": null,
> "_source": {
> "message": "<14>[org.ovirt.engine.core.vdsbroker.HostDevListByCapsVDSCommand] START, HostDevListByCapsVDSCommand(HostName = onodeXXX.some.domain, VdsIdAndVdsVDSCommandParametersBase:{runAsync='true', hostId='XXXXXXXX-XXX-XXXX-XXXX-XXXXXXXXXXX', vds='Host[onodeXXX.some.domain,XXXXXXXX-XXX-XXXX-XXXX-XXXXXXXXXXX]'}), log id: 689d5b30\n",
> "@version": "1",
> "@timestamp": "2016-05-11T08:15:35.729+02:00",
> "type": "syslog",
> "host": "10.XXX.XXX.XXX",
> "tags": [
> "_grokparsefailure"
> ],
> "syslog_severity_code": 5,
> "syslog_facility_code": 1,
> "syslog_facility": "user-level",
> "syslog_severity": "notice"
> },
> "sort": [
> 1462947335729,
> 1462947335729
> ]
> }
>
> is it possible to have the IP in the "host" filed have resolved from log4j so that the hostname will be displayed there? Or have it convinced to use the appender.Application field?
>
> thank you and best,
> Dominique
>
> Von: Ravi Nori <rnori@redhat.com>
> Gesendet: Dienstag, 10. Mai 2016 19:04
> An: Dominique Taffin
> Cc: users@oVirt.org
> Betreff: Re: [ovirt-users] Log4j hostname
>
> Hi Dominique,
>
> Add
>
> log4j.appender.myappender.header = true
>
> and see if you get the hostname
>
> Ravi
>
>
> On Mon, May 9, 2016 at 9:37 AM, Dominique Taffin <dominique.taffin@1und1.de> wrote:
> Hello!
>
> We are using the log4j extension to send ovirt logs to a logstash server.
> As we do have several engine hosts and only one logging backend, we do need to filter logs by hostname. So far I am unable to provide a hostname in
> Log4jLogger.properties. All Log4j configurations we have in other applications/servers to honor the log4j.Application property. I tried setting it up by:
>
>
>
> ovirt.engine.extension.name = Log4j
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.logger.Logger
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.logger.log4j
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.logger.log4j.Log4jLogger
> log4j.rootLogger=DEBUG, myappender
>
> log4j.appender.myappender = org.apache.log4j.net.SyslogAppender
> log4j.appender.myappender.SyslogHost = logstash-server.something
> log4j.appender.myappender.Port = 5544
> log4j.appender.myappender.ReconnectionDelay = 60000
> log4j.appender.myappender.Application = ovirthostname
> log4j.appender.myappender.LocationInfo = true
> log4j.appender.myappender.Threshold = DEBUG
> log4j.appender.myappender.layout = org.apache.log4j.PatternLayout
> log4j.appender.myappender.layout.ConversionPattern=[%c] %m%n
>
>
>
> Logs do arrive, but no hostname. Can anyone point me out on how to include the hostname in the logs?
>
> thank you and best,
> Dominique
>
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users