graylog : fixing journald

terranix/graylog/journald.nix

@@ -5,19 +5,6 @@ with builtins; {
   resource = {
 
     graylog_input = {
-      journald = {
-        title = "Journald Logs";
-        # https://javadoc.io/doc/org.graylog2/graylog2-inputs/latest/index.html
-        type = "org.graylog2.inputs.gelf.udp.GELFUDPInput";
-        global = true;
-        attributes = toJSON ({
-          bind_address = "0.0.0.0";
-          decompress_size_limit = 8388608;
-          number_worker_threads = 4;
-          port = 11201;
-          recv_buffer_size = 262144;
-        });
-      };
       journalbeat = {
         title = "Journalbeat Logs";
         # https://javadoc.io/doc/org.graylog2/graylog2-inputs/latest/index.html
@@ -40,14 +27,6 @@ with builtins; {
       };
     };
 
-    graylog_input_static_fields.journald = {
-      input_id = "\${graylog_input.journald.id}";
-      fields = {
-        from_journald = true;
-        systemdjournal2gelf = true;
-      };
-    };
-
     graylog_input_static_fields.journalbeat = {
       input_id = "\${graylog_input.journalbeat.id}";
       fields = {

terranix/graylog/journald/nextcloud.nix

@@ -21,7 +21,7 @@ with builtins; {
       nextcloudLevel1.source = ''
         rule "nextcloud : parse level 1"
         when
-            has_field("Systemd_unit") && $message.Systemd_unit == "phpfpm-nextcloud.service"
+            has_field("systemd_unit") && $message.systemd_unit == "phpfpm-nextcloud.service"
         then
           let parsedJson = parse_json(to_string($message.message));
           set_fields(to_map(parsedJson),"nextcloud_");