Using a generated field in a logstash output
I'm trying to create a syslog forwarder in Logstash: read in syslog messages (or format), and output syslog.
Here's the output config:
output {
  stdout {
    debug => true
    debug_format => "json"
  }
  syslog {
    appname => "gulfstream"
    facility => "daemon"
    host => "127.0.0.1"
    port => "514"
    protocol => "tcp"
    severity => "%{severity}"
  }
}
And here's an example log message:
{"@source":"file://ubuntu/etc/nbase/gs-switch-1/g150.log","@tags":[],"@fields":{"severity":["error"],"message":["eb3|9ac47fc nbstub.py:_refresh_socket 5 abxc"]},"@timestamp":"2013-05-14t18:35:13.095z","@source_host":"ubuntu","@source_path":"/etc/nbase/gs-switch-1/g150.log","@message":"e 2013-05-13 16:47:15,1265 eb3|9ac47fc nbstub.py:_refresh_socket 5 abxc","@type":"gs-switch"}
Note the "@fields":{"severity"} section. I've tried severity => %{@fields.severity} and %{severity}, and in each case I get this error:
invalid setting syslog output plugin: output { syslog { # setting must ["emergency", "alert", "critical", "error", "warning", "notice", "informational", "debug"] # expected 1 of ["emergency", "alert", "critical", "error", "warning", "notice", "informational", "debug"], got ["%{@message}"] severity => ["%{severity}"] ... } } {:level=>:error}
Can anyone point out what I'm doing wrong?
I don't think the functionality you're seeking is implemented. I can see the need, and have added a ticket in. Check here: logstash-1090
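
The error above comes from a check on the literal setting, made when the configuration is loaded and before any event exists to fill in %{severity}. The following Ruby example is added here for illustration and is not Logstash's code or part of the original answer; it contrasts that static check with a per-event lookup that falls back to a fixed severity when the field is missing or not an allowed name. The function names, the facility subset and the "notice" fallback are assumptions, and the sample event is constructed from the one in the question.

```ruby
# Added illustration, not Logstash source. All names here are hypothetical.
# Allowed severity names, in syslog numeric order (emergency = 0 ... debug = 7),
# copied from the error message in the question.
SEVERITIES = %w[emergency alert critical error warning notice informational debug].freeze
# Subset of syslog facility codes (assumption: only these are needed here).
FACILITIES = { "kernel" => 0, "user-level" => 1, "mail" => 2, "daemon" => 3 }.freeze

# Config-time check: the literal setting must be one of the allowed names,
# so a "%{...}" reference is rejected before any event is seen.
def valid_static_severity?(setting)
  SEVERITIES.include?(setting)
end

# Event-time resolution: expand %{name} from the event's @fields, using the
# first element when the field is an array (as in the sample event).
# Unknown fields are left unexpanded.
def resolve(template, event)
  template.gsub(/%\{[^}]+\}/) do |ref|
    value = event.fetch("@fields", {})[ref[2..-2]]
    value = value.first if value.is_a?(Array)
    value.nil? ? ref : value.to_s
  end
end

# Syslog PRI = facility * 8 + severity. A value taken from log content is
# untrusted, so anything outside the allowed list maps to the fallback
# instead of raising and stalling the forwarder.
def syslog_pri(facility, severity_template, event, fallback = "notice")
  name = resolve(severity_template, event).downcase
  name = fallback unless SEVERITIES.include?(name)
  FACILITIES.fetch(facility) * 8 + SEVERITIES.index(name)
end

# Constructed sample event, shaped like the one in the question.
SAMPLE_EVENT = {
  "@fields" => {
    "severity" => ["error"],
    "message"  => ["eb3|9ac47fc nbstub.py:_refresh_socket 5 abxc"]
  },
  "@type" => "gs-switch"
}.freeze

puts valid_static_severity?("%{severity}")            # static check on the raw setting
puts syslog_pri("daemon", "%{severity}", SAMPLE_EVENT) # per-event PRI
```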