[syslog-ng] Fields don't appear on kibana.

Scheidler, Balázs balazs.scheidler at balabit.com
Wed Sep 2 07:16:32 CEST 2015


The best solution to send data over the wire between two Syslog-ng
instances (e.g. the one getting the logs and the other storing them in
elastic) is to use json to encode name-value pairs.

E.g. use format-json with some kind of prefix, and parse the json payload
using json-parser() on the other side.

On Sep 1, 2015 11:10 AM, "Fabien Wernli" <wernli at in2p3.fr> wrote:

> Hi Jacek,
>
> On Tue, Sep 01, 2015 at 10:55:13AM +0200, Jacek Drewniak wrote:
> > When I am putting new fields to elasticsearch for example using rewrite,
> > they don't appear on kibana. But when I prefix name this fields by
> > ".SDATA.meta"  - they appear.
>
> Well it depends on where you set these fields. If you do it on the host
> with the elasticsearch destination instance, they should appear (provided
> you've got the right `message_template`).
> However if you set them on the remote host sending the data using RFC5424,
> then you need to prepend the SDATA bit, otherwise syslog-ng won't send them
> over to the elasticsearch writer.
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
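The two-host layout Balázs describes, written out as an added example (it is not configuration from the thread or from the syslog-ng project). The sender wraps the message and every name-value pair in a JSON object behind a fixed marker; the relay strips the marker with json-parser() and so recovers fields that an RFC5424 transport would have dropped unless they were named `.SDATA.*`. Hostnames, ports, the index name, the `@cee:` marker and the custom `deployment` field are assumptions chosen for illustration; the elasticsearch() options are the 3.7-era Java destination and may differ on other releases.

```conf
# ---- sending host (syslog-ng 3.7 syntax; hostnames/ports are assumed) ----
@version: 3.7

source s_local {
    system();
    internal();
};

# A field added on the sending host. Over plain RFC5424 this pair is
# silently lost because only .SDATA.* pairs map onto structured data.
rewrite r_tag {
    set("prod" value("deployment"));   # assumed field name/value
};

# Keep the BSD-style header so the relay can parse PRI/DATE/HOST/PROGRAM,
# then carry the body and all name-value pairs as one JSON object behind
# a fixed marker ("@cee:" is an assumption; any marker works if both
# sides agree on it).
destination d_relay {
    network("relay.example.com" port(5140)
        template("<$PRI>$DATE $HOST $PROGRAM: @cee: $(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)\n")
    );
};

log { source(s_local); rewrite(r_tag); destination(d_relay); };


# ---- relay/indexing host --------------------------------------------------
@version: 3.7

source s_relay {
    network(ip("0.0.0.0") port(5140));
};

# Only messages whose body starts with the marker are treated as JSON;
# the keys are restored as name-value pairs, so "deployment" exists again
# and reaches the Elasticsearch template below without any .SDATA prefix.
parser p_json {
    json-parser(marker("@cee:"));
};

destination d_es {
    elasticsearch(
        client_mode("transport")
        cluster("syslog-ng")                          # assumed cluster name
        server("es.example.com") port(9300)           # assumed endpoint
        index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
        type("syslog")
        template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")
    );
};

log { source(s_relay); parser(p_json); destination(d_es); };
```

Because json-parser() here uses no prefix(), keys in the payload overwrite same-named values on the relay, which is what restores the original MESSAGE, HOST and PROGRAM from the sender. The flip side is that any client able to reach port 5140 can set arbitrary fields, including ones a detection rule might key on, so restrict the source to trusted relays (firewalling, or transport("tls") with a tls() block on network()) before trusting the decoded pairs.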