[syslog-ng] Elasticsearch destination and date macros
Adam Carter
adam at acarter.co.uk
Mon Aug 22 18:30:43 CEST 2016
Hi All,
I am having a problem getting the date macros (Year, Month, Day) to work in syslog-ng OSE when using the elasticsearch plugin. They work for file-based outputs, so I know the syntax is correct and being parsed correctly. I have now upgraded from syslog-ng 3.6 to syslog-ng 3.8.1, running on Ubuntu 16.04, but still see the same symptoms.
It is like the ${YEAR} is not being passed as a variable value.
For example, I tried using the index name "syslog-ng-${YEAR}", starting syslog-ng with -Fevd:
[2016-08-22T17:26:35.440602] Sending destination program a TERM signal; cmdline='/usr/share/syslog-ng/include/scl/elasticsearch/es-bridge localhost 9200 syslog-ng-${YEAR} syslog-ng', child_pid='12134'
The index created in elasticsearch:
yellow open syslog-ng- 5 1 239611 0 69.7mb 69.7mb
Very simple syslog-ng.conf:
destination d_elastic { elasticsearch(index("syslog-ng-${YEAR}") type("syslog-ng") ); };
log { source(s_netsyslog); destination(d_elastic); };
Is this a bug or have I missed something?
Thanks