syslog Structured Data parsing does not parse 2 datas with the same header

[btsimonh]

when parsing syslog using syslog UDP configured:

expand_structured_data: true recv_buffer_size: 16384 port: 514 override_source: allow_override_date: true bind_address: 0.0.0.0 store_full_message: true

if a message has 2 Structured Data elements with the same prefix like below:

<133>1 2015-07-22T14:54:24.332Z plyscreen TemplateCP 2388 0 [PS@1852 tag="Discovery"][PS@1852 type="4" catagory="1" eventId="0" PCR="20:14:30.919" PCRd="3279191366" deviceId="0" deviceType="5" processId="2388" threadId="148"] Running PS@1852 tag="Discovery" does not create a field PS@1852_tag if changed to ME@1852, then it does.... all the fields in the second structured data do produce fields. Not dead urgent because I can change the first prefix.... but though i better log it.

[joschi]

Just for reference: This has been discussed in Graylog2/graylog2-server#1319

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.