with builtins; {

  resource = {

    graylog_input.journald = {
      title = "test journald";
      # https://javadoc.io/doc/org.graylog2/graylog2-inputs/latest/index.html
      type = "org.graylog2.inputs.gelf.udp.GELFUDPInput";
      global = true;
      attributes = toJSON ({
        bind_address = "0.0.0.0";
        decompress_size_limit = 8388608;
        number_worker_threads = 2;
        port = 12211; # todo
        recv_buffer_size = 262144;
      });
    };

    # todo create stream

    graylog_input_static_fields.journald = {
      input_id = "\${graylog_input.journald.id}";
      fields = { from_systemd = true; };
    };

    graylog_pipeline.systemd_loglevel_fix.source = ''
      pipeline "journald : log level fix"
        stage 0 match either
          rule "journald : lookup log level"
        stage 1 match either
          rule "journald : replace log level"
      end
    '';

    graylog_pipeline_rule = {
      lookup.source = ''
        rule "journald : lookup log level"
        when
          has_field("level")
        then
          let lookup = lookup_value("systemd-log-level-reverse",$message.level);
          set_field("level_fix",lookup);
        end
      '';
      replace.source = ''
        rule "journald : replace log level"
        when
          has_field("level_fix")
        then
          set_field("level",$message.level_fix);
        end
      '';

    };
  };

}