We have logs that comes from a log aggregator, so they are coming from a single source.  We are sending the logs to file destination, which our SEIM is monitoring the root of the folder to detect the new files.  Our current default config is as below,

Despite I have read docs and examples, I still cannot figure out how I can prepend a text depending on a filter. I want to prepend my personal severity and app to the log message  (${LEVEL} and ${PROGRAM} are not suitable for me).

I have highlighted in…