{% if rsys_logfiles is defined %}
# File inputs: load imfile once, then declare one input per entry of rsys_logfiles.
{% if not rsyslog_use_inotify %}
# Polling mode, with PollingInterval set to 10.
module(
  load="imfile"
  mode="polling"
  PollingInterval="10"
)
{% else %}
# inotify mode.
module(
  load="imfile"
  mode="inotify"
)
{% endif %}
# logfile and log_tag are written verbatim between double quotes below, so the
# inventory values must not contain a double quote themselves.
{% for log in rsys_logfiles %}
input(
  Type="imfile"
  File="{{ log.logfile }}"
  Tag="{{ log.log_tag }}"
)

{% endfor %}
{% endif %}
{% if rsyslog_use_elasticsearch_module %}
module(load="omelasticsearch")

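{% if rsyslog_use_queues %}
# Main message queue tuning, rendered only when rsyslog_use_queues is set.
# The batch-size parameter is spelled queue.dequeuebatchsize, the same name the
# omelasticsearch action in this file uses; "queue.debatchsize" is not an
# rsyslog queue parameter.
main_queue(
  queue.size="{{ rsyslog_main_queue_size }}"   # capacity of the main queue
  queue.dequeuebatchsize="{{ rsyslog_main_queue_debatchsize }}"  # number of messages dequeued per batch and moved to the action queues
  queue.workerthreads="{{ rsyslog_main_queue_workerthreads }}"  # threads for the main queue
)
{% endif %}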

# Index name used by the omelasticsearch action (dynSearchIndex="on"):
# "logstash-YYYY.MM.DD". The year, month and day are cut out of the RFC 3339
# rendering of timereported by character position (1-4, 6-7, 9-10).
# NOTE(review): timereported is the timestamp carried in the message, so the
# index date follows the sender's clock, not the time of reception; confirm
# that this is intended.
template(name="logstash-index" type="list") {
  constant(value="logstash-")
  property(name="timereported" dateFormat="rfc3339" position.from="1" position.to="4")
  constant(value=".")
  property(name="timereported" dateFormat="rfc3339" position.from="6" position.to="7")
  constant(value=".")
  property(name="timereported" dateFormat="rfc3339" position.from="9" position.to="10")
}

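# JSON document sent to Elasticsearch for each event, with @timestamp.
# Every constant() after the first closes the previous string value with a
# quote, adds the comma and opens the next key; the received_at constant was
# missing that leading quote and comma, which made the document invalid JSON.
# Fields whose content comes from the message itself (host, received_from,
# tag, message) use format="json" so that quotes, backslashes and control
# characters are escaped and stay inside their JSON string.
# NOTE(review): received_at and received_from repeat timereported and
# hostname; rsyslog also has timegenerated and fromhost for the receive time
# and the sending peer. Confirm which pair is intended.
template(name="plain-syslog"
  type="list") {
    constant(value="{")
      constant(value="\"@timestamp\":\"")     property(name="timereported" dateFormat="rfc3339")
      constant(value="\",\"received_at\":\"")     property(name="timereported" dateFormat="rfc3339")
      constant(value="\",\"host\":\"")        property(name="hostname" format="json")
      constant(value="\",\"received_from\":\"")        property(name="hostname" format="json")
      constant(value="\",\"severity\":\"")    property(name="syslogseverity-text")
      constant(value="\",\"facility\":\"")    property(name="syslogfacility-text")
      constant(value="\",\"tag\":\"")   property(name="syslogtag" format="json")
      constant(value="\",\"message\":\"")    property(name="msg" format="json")
    constant(value="\"}")
}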
# Ship every message (*.*) to Elasticsearch at {{ rsys_elasticsearch_collector_host }}:{{ rsys_elasticsearch_collector_port }}.
# Documents are rendered with the "plain-syslog" template and the index name is
# computed per message from the "logstash-index" template (dynSearchIndex="on").
# NOTE(review): no usehttps, uid or pwd parameter is set on this action, so by
# default events travel over plain HTTP without credentials; confirm that the
# path to the collector is trusted or add those parameters.
*.* action(
    type="omelasticsearch"
    server="{{ rsys_elasticsearch_collector_host }}"
    serverport="{{ rsys_elasticsearch_collector_port }}"
    template="plain-syslog"
    searchIndex="logstash-index"
    dynSearchIndex="on"
{% if rsyslog_use_queues %}
    bulkmode="on"   # use the Elasticsearch bulk API
    queue.dequeuebatchsize="{{ rsyslog_action_queue_debatchsize }}"   # ES bulk size
    queue.size="{{ rsyslog_action_queue_size }}"   # capacity of the action queue
    queue.workerthreads="{{ rsyslog_action_queue_workerthreads }}"   # workers for the action
    action.resumeretrycount="{{ rsyslog_action_resumeretrycount }}"   # retries while the action is suspended
{% endif %}
)
{% else %}
# Send all messages (*.*) to the Logstash server. "@@" is the legacy
# forwarding syntax for TCP; a single "@" would forward over UDP.
# NOTE(review): nothing in this rule enables TLS, so events appear to cross
# the network unencrypted and the collector is not authenticated; confirm
# that the network between the hosts and the collector is trusted.
*.* @@{{ rsys_logstash_collector_host }}:{{ rsys_logstash_collector_port }}
{% endif %}