fix: Chronicle Forwarder Syslog Example & Explain raw_log_field (#1416

) Fix example & explain raw_log_field
observIQ · Jan 10, 2024 · 0813785 · 0813785
1 parent be42b06
commit 0813785
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/exporter/chronicleforwarderexporter/README.md b/exporter/chronicleforwarderexporter/README.md
@@ -27,16 +27,20 @@ The Chronicle Forwarder Exporter is designed for forwarding logs to a Chronicle
 | syslog.tls.cert_file | string |                   | `false`  | Configure the receiver to use TLS.                |
 | file.path            | string |                   | `false`  | The path to the file for storing logs.            |
 
+## Raw Log Field
+
+The raw log field is the field name that the exporter will use to send raw logs to Chronicle. It is an OTTL expression that can be used to reference any field in the log record. If the field is not present in the log record, the exporter will not send the log to the Chronicle Forwarder. The log record context can be viewed here: [Log Record Context](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/pkg/ottl/contexts/ottllog/README.md).
+
 ## Example Configurations
 
 ### Syslog Configuration Example
 
 ```yaml
 chronicleforwarder:
   export_type: "syslog"
+  raw_log_field: body
   syslog:
-    host: "syslog.example.com"
-    port: 10514
+    endpoint: "syslog.example.com:10514"
     network: "tcp"
 ```
 
@@ -45,6 +49,7 @@ chronicleforwarder:
 ```yaml
 chronicleforwarder:
   export_type: "file"
+  raw_log_field: attributes["message"]
   file:
     path: "/path/to/logfile"
 ```