<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">So, I rebuilt my home stand alone system and only used the supported 3.8 and ES 2.4 current repos. </div><div class=""><br class=""></div><div class="">Everything seems to be up and running with no complaints but I am not getting any data in Kibana, syslog-ng_* index and I can’t figure out if it’s something in syslog-ng.conf. </div><div class=""><br class=""></div><div class="">Getting a bunch of stuff in /var/log/network.log from my cable modem but nothing is showing in discovery HELP!</div><div class="">I’ve looked at this for hours and tried so many variants on destination d_es </div><div class="">client-mode, all supported template options… </div><div class=""><br class=""></div><div class="">Only thing weird I can see is this in the es logs. <b class="">data=false</b></div><div class=""><b class=""><br class=""></b></div><div class=""><div class="">[2016-09-08 00:00:01,977][INFO ][cluster.metadata ] [node-1] [syslog-ng_2016.09.08] creating index, cause [auto(bulk api)], templates [], shards [5]/[1], mappings []</div><div class="">[2016-09-08 00:00:02,108][INFO ][cluster.routing.allocation] [node-1] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[syslog-ng_2016.09.08][0], [syslog-ng_2016.09.08][0]] ...]).</div><div class="">[2016-09-08 00:00:02,127][INFO ][cluster.metadata ] [node-1] [syslog-ng_2016.09.08] create_mapping [syslog-ng]</div><div class="">[2016-09-08 00:15:28,886][INFO ][cluster.service ] [node-1] removed {{node-1}{kSmxkMoZQu6ZXvWWb70L5g}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-node-left({node-1}{kSmxkMoZQu6ZXvWWb70L5g}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false}), reason(left)</div><div class="">[2016-09-08 00:15:39,358][INFO ][cluster.service ] [node-1] added {{node-1}{Df73oV_kQCubR5MeHiJnJA}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-join(join from node[{node-1}{Df73oV_kQCubR5MeHiJnJA}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false}])</div><div class="">[2016-09-08 00:15:44,409][INFO ][cluster.metadata ] [node-1] [syslog-ng_2016.09.08] update_mapping [syslog-ng]</div><div class="">[2016-09-08 00:31:14,268][INFO ][cluster.service ] [node-1] removed {{node-1}{Df73oV_kQCubR5MeHiJnJA}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-node-left({node-1}{Df73oV_kQCubR5MeHiJnJA}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false}), reason(left)</div><div class="">[2016-09-08 00:31:19,823][INFO ][cluster.service ] [node-1] added {{node-1}{4h_70582RoWKL-jsAPzF4g}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-join(join from node[{node-1}{4h_70582RoWKL-jsAPzF4g}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false}])</div><div class="">[2016-09-08 00:38:29,163][INFO ][cluster.service ] [node-1] removed {{node-1}{4h_70582RoWKL-jsAPzF4g}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-node-left({node-1}{4h_70582RoWKL-jsAPzF4g}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false}), reason(left)</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><div style="font-family:'Helvetica Neue';font-size:14px;" class=""><a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-repositories.html" rev="en_rl_small" class="">https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-repositories.html</a></div><div style="font-family:'Helvetica Neue';font-size:14px;" class=""><a href="https://www.elastic.co/guide/en/kibana/4.6/setup-repositories.html" class="">https://www.elastic.co/guide/en/kibana/4.6/setup-repositories.html</a></div></div><div style="font-family:'Helvetica Neue';font-size:14px;" class=""><a href="https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/repo/epel-7/czanik-syslog-ng38-epel-7.repo" class="">https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/repo/epel-7/czanik-syslog-ng38-epel-7.repo</a> </div><div style="font-family:'Helvetica Neue';font-size:14px;" class=""><br class=""></div><div class=""><div class="">[root@meo syslog-ng]# cat /etc/syslog-ng/syslog-ng.conf</div><div class="">@version:3.8</div><div class="">@include "scl.conf"</div><div class="">@module mod-java</div><div class=""><br class=""></div><div class="">options {</div><div class=""> flush_lines (0);</div><div class=""> time_reopen (10);</div><div class=""> log_fifo_size (1000);</div><div class=""> chain_hostnames (off);</div><div class=""> use_dns (no);</div><div class=""> use_fqdn (no);</div><div class=""> create_dirs (yes);</div><div class=""> keep_hostname (yes);</div><div class=""> ts_format(iso);</div><div class="">};</div><div class=""><br class=""></div><div class="">source s_netsyslog {</div><div class=""> <span class="Apple-tab-span" style="white-space: pre;"> </span>udp();</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>tcp();</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>syslog();</div><div class="">};</div><div class=""><br class=""></div><div class="">source s_sys {</div><div class=""> system();</div><div class=""> internal();</div><div class="">};</div><div class=""><br class=""></div><div class="">destination d_es {</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>elasticsearch2(</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>index("syslog-ng_${YEAR}.${MONTH}.${DAY}")</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>type("syslog-ng") # Description: The type of the index. For example, type("test")</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>port("9300")</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>server("127.0.0.1")</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>concurrent-requests("5")</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>flush_limit("1")</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>client-mode("transport")</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>skip-cluster-health-check("yes")</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>cluster("meo")</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>custom_id("syslog-ng")</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>resource("/etc/elasticsearch/elasticsearch.yml")</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>client_lib_dir("/usr/share/elasticsearch/lib")</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>concurrent_requests("100")</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>);</div><div class="">};</div><div class=""><br class=""></div><div class="">destination d_netsyslog { file("/var/log/network.log" owner("root") group("root") perm(0644)); };</div><div class=""><br class=""></div><div class="">log {</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>source(s_netsyslog);</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>destination(d_es);</div><div class=""> };</div><div class=""><br class=""></div><div class="">log {</div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>source(s_sys);</div><div class=""> source(s_netsyslog);</div><div class=""> destination(d_netsyslog);</div><div class=""> };</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""># Source additional configuration files (.conf extension only)</div><div class="">@include "/etc/syslog-ng/conf.d/*.conf"</div></div><div class=""><br class=""></div></body></html>