<div dir="ltr">Unfortunately I am doing this on host with elasticsearch, that is why I don't know what is wrong. <div>Message template?</div><div><br></div><div>My server config is: <a href="http://pastebin.com/FJzD6n77">http://pastebin.com/FJzD6n77</a></div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><p><span lang="EN-US" style="font-family:Verdana,sans-serif;color:rgb(136,136,136)">-- <br></span><b><span lang="EN-US" style="font-size:13.5pt;font-family:Verdana,sans-serif;color:black">Jacek Drewniak</span></b><span lang="EN-US" style="font-family:Verdana,sans-serif;color:black"><br></span><font color="#000000" face="Verdana, sans-serif">R&D</font></p><p style="margin:0cm 0cm 0.0001pt;background-image:initial;background-repeat:initial"><b><span lang="PL" style="font-size:10pt;font-family:Verdana,sans-serif">email</span></b><span lang="PL" style="font-size:10pt;font-family:Verdana,sans-serif">: </span><span style="font-size:10pt;font-family:Verdana,sans-serif"><a href="mailto:jacek.drewniak@oort.in" target="_blank"><font color="#000000">jacek.drewniak@oort.in</font></a></span><span lang="PL" style="font-size:10pt;font-family:Arial,sans-serif"></span></p><p style="margin:0cm 0cm 0.0001pt;background-image:initial;background-repeat:initial"><b><span lang="PL" style="font-size:10pt;font-family:Verdana,sans-serif;color:black">mobile</span></b><span lang="PL" style="font-size:10pt;font-family:Verdana,sans-serif;color:black">: <u>+</u></span><span lang="PL" style="font-size:10pt;font-family:Verdana,sans-serif"><font color="#000000"><u>48 696 151 670</u></font></span><span lang="PL" style="font-size:10pt;font-family:Arial,sans-serif"></span></p><p style="margin:0cm 0cm 0.0001pt;background-image:initial;background-repeat:initial"></p><p style="margin:0cm 0cm 0.0001pt;background-image:initial;background-repeat:initial"><b><span style="font-size:10pt;font-family:Verdana,sans-serif;color:black">website</span></b><span style="font-size:10pt;font-family:Verdana,sans-serif"><font color="#000000">:</font><span style="color:black"> </span><a href="http://www.oort.in/" style="color:rgb(17,85,204)" target="_blank"><font color="#000000">www.oort.in</font></a></span><span style="font-size:10pt;font-family:Arial,sans-serif"></span></p><p style="margin:0cm 0cm 0.0001pt;background-image:initial;background-repeat:initial"><br></p><p><span lang="EN-US" style="font-family:Verdana,sans-serif;color:black"><img src="http://www.oort.in/oort-stuff/logo-mail2.png"><br></span></p><p><span style="color:rgb(153,153,153);font-family:verdana,sans-serif"><br></span></p><p><span style="color:rgb(153,153,153);font-family:verdana,sans-serif">AWARDS</span><br></p><p></p><p></p><p></p><p style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><font face="verdana, sans-serif"><span style="color:rgb(153,153,153)">Bluetooth Breakthrough Award Finalist</span><br><span style="color:rgb(153,153,153)">CES 2015 </span><span style="color:rgb(153,153,153)">Envisioneering</span><i style="color:rgb(153,153,153)"> </i><span style="color:rgb(153,153,153)">Innovation & Design Award Winner</span><br><span style="color:rgb(153,153,153)">Tech Trailblazers Awards Winner</span><br><span style="color:rgb(153,153,153)">Most exciting company at Bluetooth Media Event in New York 2014</span><br><span style="color:rgb(153,153,153)">Polish Agency for Enterprise Development Award Winner</span></font><br></p></div></div></div></div></div>
<br><div class="gmail_quote">2015-09-01 11:10 GMT+02:00 Fabien Wernli <span dir="ltr"><<a href="mailto:wernli@in2p3.fr" target="_blank">wernli@in2p3.fr</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi Jacek,<br>
<span><br>
On Tue, Sep 01, 2015 at 10:55:13AM +0200, Jacek Drewniak wrote:<br>
> When I am putting new fields to elasticsearch for example using rewrite,<br>
> they don't appear on kibana. But when I prefix name this fields by<br>
> ".SDATA.meta" - they appear.<br>
<br>
</span>Well it depends on where you set these fields. If you do it on the host<br>
with the elasticsearch destination instance, they should appear (provided<br>
you've got the right `message_template`).<br>
However if you set them on the remote host sending the data using RFC5424,<br>
then you need to prepend the STATA bit, otherwise syslog-ng won't send them<br>
over to the elasticsearch writer.<br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div><br></div></div>