fields

Defines the list of database fields whose values are appended to the message.

This parameter applies to MaxMind/GeoIP DB lookup (mmdblookup).

Name:

fields

Scope:

input

Type:

array (word)

Default:

none

Required?:

yes

Introduced:

8.24.0

Description

This parameter specifies the fields that will be appended to processed messages. The fields will always be appended in the container used by mmdblookup (which may be overridden by the container parameter on module load).

By default, the lookup path (without a leading exclamation mark (!), if present) is used as the name for the resulting JSON property. This can be overridden by specifying a custom name. Use the following syntax to control the resulting variable name and lookup path:

• :customName:!path!to!field — specify the custom variable name enclosed in colons, followed by the MaxMind DB path.

• Exclamation marks (!) denote path levels within the database record.

For example, to extract !city!names!en but rename it to cityname, use :cityname:!city!names!en as the field value.

Input usage

action(type="mmdblookup"
       key="!clientip"
       mmdbFile="/etc/rsyslog.d/GeoLite2-City.mmdb"
       fields=[":continent:!continent!code",
               "!country!iso_code",
               ":loc:!location"])

See also

See also MaxMind/GeoIP DB lookup (mmdblookup).

---

Support: rsyslog Assistant | GitHub Discussions | GitHub Issues: rsyslog source project

Contributing: Source & docs: rsyslog source project

© 2008–2025 Rainer Gerhards and others. Licensed under the Apache License 2.0.