journalpump.json

{
    "field_filters": {
        "drop_selinux_context": {
            "fields": [
                "_SELINUX_CONTEXT"
            ],
            "type": "blacklist"
        },
        "include_message_and_machine_id": {
            "fields": [
                "MESSAGE",
                "_MACHINE_ID"
            ],
            "type": "whitelist"
        }
    },
    "readers": {
        "host1": {
            "senders": {
                "elastic1": {
                    "output_type": "elasticsearch",
                    "elasticsearch_url": "https://u9r6z9e8:er57mbtcgsxn4lya@machinedomain.com:18195",
                    "elasticsearch_index_prefix": "journalpump",
                    "elasticsearch_index_days_max": 3,
                    "field_filter": "drop_selinux_context",
                    "ca": "path/to/ca/file"
                },
                "kafka1": {
                    "output_type": "kafka",
                    "kafka_topic": "testtopic",
                    "kafka_address": "kafka-1782d8c-demoprj.aivencloud.com:26884",
                    "match_key": "_MACHINE_ID",
                    "match_value": "97baf08d-62a5-47a6-9ce3-cd3b6685d3ec",
                    "field_filter": "include_message_and_machine_id",
                    "ca": "path/to/ca/file",
                    "certfile": "path/to/cert",
                    "keyfile": "path/to/key",
                    "ssl": true
                }
            }
        },
        "sshd": {
            "flags": 4,
            "units_to_match": [
                "sshd.service"
            ],
            "senders": {
                "logfile1": {
                    "output_type": "file",
                    "file_output": "/tmp/sshd.log"
                }
            }
        }
    }
}