Draft: Use "jsonf" format for rsyslog JSON templates

Should be easier to read compared to the previous approach.

roles/float-infra-log-collector/templates/rsyslog-collector.conf.j2

@@ -52,6 +52,8 @@ template(name="TmplFile" type="list"){
 module(
   load="omelasticsearch"
 )
+
+# Templates for index names
 template(name="esIndex" type="list") {
   constant(value="logstash-")
   property(name="timereported" dateFormat="rfc3339" position.from="1" position.to="4")
@@ -76,45 +78,46 @@ template(name="esIndexHTTP" type="list") {
   constant(value=".")
   property(name="timereported" dateFormat="rfc3339" position.from="9" position.to="10")
 }
+
+# JSON template for standard log messages
 template(name="esTemplate"
-         type="list") {
-  constant(value="{")
-  constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
-  constant(value="\",\"host\":\"") property(name="hostname")
-  constant(value="\",\"severity\":\"") property(name="syslogseverity-text" caseConversion="upper")
-  constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
-  constant(value="\",\"tag\":\"") property(name="syslogtag" format="json")
-  constant(value="\",\"program\":\"") property(name="programname" format="json")
-  constant(value="\",\"message\":\"") property(name="msg" format="json")
-  constant(value="\",")
-  property(name="$!all-json" position.from="2")
+         type="list"
+         option.jsonf="on") {
+  property(outname="@timestamp" name="timereported" dateFormat="rfc3339" format="jsonf")
+  property(outname="host" name="hostname" format="jsonf")
+  property(outname="severity" name="syslogseverity-text" caseConversion="upper" format="jsonf")
+  property(outname="facility" name="syslogfacility-text" format="jsonf")
+  property(outname="tag" name="syslogtag" format="jsonf")
+  property(outname="program" name="programname" format="jsonf")
+  property(outname="message" name="msg" format="jsonf")
 }
+
+# JSON template for HTTP logs
 template(name="esTemplateHTTP"
-         type="list") {
-  constant(value="{")
-  constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
-  constant(value="\",\"host\":\"") property(name="hostname")
-  constant(value="\",")
-  property(name="$!all-json" position.from="2")
+         type="list"
+         option.jsonf="on") {
+  property(outname="@timestamp" name="timereported" dateFormat="rfc3339" format="jsonf")
+  property(outname="host" name="hostname" format="jsonf")
+  property(name="$!all-json")
 }
+
+# JSON template for structured messages. Does not include the original
+# 'message' field (since it has supposedly been parsed already as JSON).
 template(name="esTemplateJSON"
-         type="list") {
-  constant(value="{")
-  constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
-  constant(value="\",\"host\":\"") property(name="hostname")
-  constant(value="\",\"tag\":\"") property(name="syslogtag" format="json")
-  constant(value="\",\"program\":\"") property(name="programname" format="json")
-  constant(value="\",")
-  property(name="$!all-json" position.from="2")
+         type="list"
+         option.jsonf="on") {
+  property(outname="@timestamp" name="timereported" dateFormat="rfc3339" format="jsonf")
+  property(outname="host" name="hostname" format="jsonf")
+  property(outname="tag" name="syslogtag" format="jsonf")
+  property(outname="program" name="programname" format="jsonf")
+  property(name="$!all-json")
 }
 # Structured audit logs already contain a @timestamp field, so we
 # don't have to add our own.
 template(name="esTemplateAudit"
          type="list") {
-  constant(value="{")
-  constant(value="\"host\":\"") property(name="hostname")
-  constant(value="\",")
-  property(name="$!all-json" position.from="2")
+  property(outname="host" name="hostname" format="jsonf")
+  property(name="$!all-json")
 }
 {% endif %}