after observing rsyslog debug

I'm using the Python logging library to write to a log file.

Currently it writes to a static file, and it contains:

myapp; 2025-06-25 05:44:38 INFO builtins <module> Hello world

I'm new to rsyslog. How do I set up rsyslog templates to:

  1. Extract the value of the first word before the first semicolon and use it as 'key'
  2. Write to a local log file with the name key.log (i.e. myapp.log)
  3. And when writing, only write from the timestamp to the rest.

I tried:

template(name="debug_format" type="string" string="rawmsg=%rawmsg%, key=%$.key%, msg=%$.msg%\n")

action(type="omfile" file="/home/bino/Documents/playsyslog/debug.log" template="debug_format")

set $.key = field($rawmsg, 1, ";");
set $.key = replace($$.key, "<[0-9]+>", "");

set $.msg = field($rawmsg, 2, ";");

action(type="omfile" file="/dev/null")

But debug.log only contains:

rawmsg=<190>myapp; 2025-06-25 07:40:39 INFO builtins <module> hello world 1750837239.561345, key=, msg=

The key and msg are empty.

----------Edit------

After making another observation by running rsyslogd in debug mode, I found that the raw message received by rsyslog is:

9319.712852011:main Q:Reg/w0  : ruleset.c: processBATCH: next msg 0: <14>KEYFIELD; 2025-07-01 00:21:59 INFO to_sock handle Hello there 1751329319.712039

So, adapting the help from @meuh at https://unix.stackexchange.com/a/797500/480724, both the 'key' and 'part' got:

'***FIELD NOT FOUND***'
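
Added example, not part of the original post: one way to meet the three requirements above, assuming every raw message has the form `<PRI>key; rest` shown in the debug output. The directory `/var/log/apps`, the file `unmatched.log` and the template names are hypothetical. The key is restricted to a fixed character set because it becomes part of a file path.

```rsyslog
# Added example; paths and template names are assumptions, not from the post.

# File name built from the extracted key, e.g. /var/log/apps/myapp.log
template(name="per_key_file" type="string" string="/var/log/apps/%$.key%.log")

# Output line: everything after the first semicolon, starting at the timestamp
template(name="body_only" type="string" string="%$.body%\n")

# Variables must be set BEFORE any action whose template reads them.
# Submatch 2 is the key; only [A-Za-z0-9_-] is accepted, so a key can never
# contain "/" or ".." and move the write outside /var/log/apps.
set $.key = re_extract($rawmsg, "^(<[0-9]+>)?([A-Za-z0-9_-]+);", 0, 2, "");

# Submatch 1 is the text after the first semicolon and any following spaces.
set $.body = re_extract($rawmsg, "^[^;]*; *(.*)", 0, 1, "");

if ($.key != "") then {
    # One file per key, containing only the timestamp and the rest
    action(type="omfile" dynaFile="per_key_file" template="body_only")
} else {
    # No valid key: keep the message in one fixed file for inspection.
    action(type="omfile" file="/var/log/apps/unmatched.log")
}
```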

add my trial

rsyslog dynaFile file name from part of received message

I'm using the Python logging library to write to a log file.

Currently it writes to a static file, and it contains:

app_name=myapp 2025-06-25 05:44:38 INFO builtins <module> Hello world

I'm new to rsyslog. How do I set up rsyslog templates to:

  1. Extract the value of 'app_name' and use it as 'key'
  2. Write to a local log file with the name key.log (i.e. myapp.log)
  3. And when writing, only write from the timestamp to the rest.