#!/bin/sh

# add a parser to extract message from /var/log/messages file
# this is needed because tail plugin treats the entire line as the one string without this
PARSER_FILE="/etc/fluent-bit/parsers.conf"
PARSER_NAME="syslog_message"

# Check if parser already exists
if grep -q "Name\s\+$PARSER_NAME" "$PARSER_FILE"; then
    echo "Fluent Bit parser '$PARSER_NAME' already exists. Skipping."
    exit 0
fi

# Append the parser to the file
cat << EOF >> "$PARSER_FILE"

[PARSER]
    Name        $PARSER_NAME
    Format      regex
    Regex       ^(?<timestamp>\w+\s+\d+\s+\d+:\d+:\d+)\s+(?<hostname>\S+)\s+(?<process>[^:]+):\s+(?<message>.+)
    Time_Key    timestamp
    Time_Format %b %d %H:%M:%S
EOF

echo "Added Fluent Bit parser '$PARSER_NAME' to $PARSER_FILE"

exit 0