Simplify templating now that numeric JSON types are supported #5

Open
JPvRiel opened this issue Jun 12, 2021 · 2 comments

Owner

JPvRiel commented Jun 12, 2021

The upstream issue where all JSON types were forced as a string has been closed: rsyslog/rsyslog#2827

It should now be possible to simplify the templates used.

Owner Author

JPvRiel commented Jun 14, 2021

Some simplification can be done, but it's unclear how sub-tree will behave and if an auto mode can apply. Sounds like subtree may force all sub-element datatypes to strings, which implies we still need to unwrap details to get the template sub-data types correct.

See: rsyslog/rsyslog#3661

Owner Author

JPvRiel commented Jun 14, 2021

After about 2 hours trying to simplify template construction, I became aware of some more blocking issues I'd previously forgotten about.

While rsyslog/rsyslog#2827 adds boolean types for JSON output, rainerscript still does not explicitly support setting boolean types?

rsyslog/rsyslog#3836 is still open.

The workaround is to set cnum(0) for false and cnum(1) for true, and then the JSON output template for format=jsonf and datatype=bool will work, but I don't like it. One of the biggest problems is if you write two templates, one JSON (e.g. forward to elasticsearch), the other plaintext string (forward to a syslog SIEM), while the JSON template gets a bit simpler, the plaintext template gets a lot more complex because one has to switch from a string template to a list template.

For the above reason, I chose to keep to the older, more contrived way of manual generation of the JSON templates. I found that trying to make changes to suit JSON templates only saved a few lines of config in the list type templates needed, but using c number values to represent boolean values for plaintext string templates forced switching an easy to read template string into a very long complex list template.

E.g. assume a value is set as this in the config to add a variable that the syslog client was authenticated.

set $.syslog-relay!authenticated-client = cnum(1);

Then the JSON list type template simply needs to do the following:

property(name="$.syslog-relay!authenticated-client" format="jsonf" datatype="bool")

But the plaintext string template with metadata that was:

template(name="TmplRFC5424Meta" type="string" string="<%pri%>1 %timestamp:::date-rfc3339% %$.hostname% %app-name% %procid% %msgid% [syslog-relay@16543 timegenerated=\"%timegenerated:::date-rfc3339%\" fromhost=\"%fromhost%\" fromhost-ip=\"%fromhost-ip%\" myhostname=\"%$myhostname%\" inputname=\"%inputname%\" format=\"%$.syslog-relay!format%\" pri-valid=\"%$.syslog-relay!pri-valid%\" header-valid=\"%$.syslog-relay!header-valid%\" json-msg-parsed=\"%$.syslog-relay!json-msg-parsed%\" tls=\"%$.syslog-relay!tls%\" authenticated-client=\"%$.syslog-relay!authenticated-client%\"]%structured-data:R,ERE,0,BLANK:[[].*--end% %msg%\n")

Has to now be unwrapped as a long list template with constants and properties in order to be able to do the following:

property(name="$.syslog-relay!authenticated-client" format="string" datatype="bool")
...

That's just one of a half dozen properties that need to be hand massaged. One line of config in a string template ends up expanding into about 20 or so lines for a list template.

And as far as I can tell, datatype is possibly not supported in the property replacer options? So you end up with a quoted 0 or 1 with string templates and not true or false.

Ideally, this could be fixed if an option to set datatype for a property replacer were allowed, e.g.:

authenticated-client=\"%$.syslog-relay!authenticated-client:::dataformat=bool%\"

- cbool(true) and cbool(false) function or some other true/false value were added to the configuration syntax.
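The `cnum()` workaround from the comment above, shown with both output types side by side. This is an added example, not configuration from the issue or the project; the template names, the selection of fields and the flag values are assumptions.

```rsyslog
# Added example: template names and field selection are hypothetical,
# flag values are constructed for illustration.
# Flags are stored as numbers because RainerScript has no boolean literal.
set $.syslog-relay!tls = cnum(1);
set $.syslog-relay!authenticated-client = cnum(0);

# JSON output: option.jsonf adds the braces and commas, and datatype="bool"
# emits true/false (false when the value is empty or 0, true otherwise).
template(name="ExampleJSONMeta" type="list" option.jsonf="on") {
    property(outname="timestamp" name="timereported" dateFormat="rfc3339" format="jsonf")
    property(outname="fromhost-ip" name="fromhost-ip" format="jsonf")
    property(outname="tls" name="$.syslog-relay!tls" format="jsonf" datatype="bool")
    property(outname="authenticated-client" name="$.syslog-relay!authenticated-client" format="jsonf" datatype="bool")
    property(outname="message" name="msg" format="jsonf")
}

# Plaintext output: the same variables in a string template render as the
# stored numbers, i.e. tls="1" authenticated-client="0", which is the
# quoted 0 or 1 the comment above describes.
template(name="ExampleTextMeta" type="string"
    string="[syslog-relay@16543 tls=\"%$.syslog-relay!tls%\" authenticated-client=\"%$.syslog-relay!authenticated-client%\"] %msg%\n")
```

With this workaround the two feeds disagree on representation: a detection rule for unauthenticated clients has to match `authenticated-client="0"` on the plaintext feed and a boolean `false` on the JSON feed.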
