Document purpose of "hostname" field

[candlerb]

Is your feature request related to a problem? Please describe.
JSON mapping includes a "hostname" field, but I am unclear as to what this is used for.

I could map the syslog hostname to this field:

{"software":"rsyslog",...,"hostname":"hostname"}

This would be a useful thing to record somewhere, since if a syslog message is relayed through intermediate servers, the host where the message originated does not necessarily match the syslog-source-ip (which is the last relay)

However, in src/processors/engine.c I see the hostname used to construct a URL, whose purpose I don't know:

            if ( SaganProcSyslog_LOCAL->hostname[0] != '\0' )
                {
                    char tmp_normalize_http_uri[MAX_HOSTNAME_SIZE + MAX_URL_SIZE] = { 0 };
                    snprintf(tmp_normalize_http_uri, sizeof(tmp_normalize_http_uri), "%s%s", SaganProcSyslog_LOCAL->hostname, SaganProcSyslog_LOCAL->url);
                    normalize_http_uri = tmp_normalize_http_uri;
                }

So maybe "hostname" is intended for something else (e.g. hostname of the sagan server? hostname of some third-party checking service?)

I also observe that the pipe input format does not define a hostname field. The first field is enforced to be an IP address in src/input-pipe.c so you can't put the hostname from the syslog message here.

Describe the solution you'd like
Document purpose of "hostname". If it's meant to be used for the syslog hostname then also add it to the "syslog-ng" entry in json-input.map

Describe alternatives you've considered
N/A

Additional context
N/A

[beave]

This does need to be documented. This is pretty new. I'm going to try and work on documentation on the flight home. Leaving this open to remind me!