<div dir="ltr">Is <span style="font-size:12.8px">client-mode("transport") now supported with ES 5.1? I thought it was only http mode for ES 5. </span><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">I got a pipeline error, then switched to http, thinking it was the transport mode. http worked fine. </span></div><div><span style="font-size:12.8px"> </span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 17, 2017 at 9:58 AM, Fabien Wernli <span dir="ltr">&lt;<a href="mailto:wernli@in2p3.fr" target="_blank">wernli@in2p3.fr</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Damian,<br>
<br>
You need to specify the location to your elasticsearch installation, i.e.<br>
where the .jar files are installed.<br>
If you're using the official packages from <a href="http://elastic.co" rel="noreferrer" target="_blank">elastic.co</a>, they are most likely<br>
located here: /usr/share/elasticsearch/lib/<br>
<br>
So your config ought to look like the following instead:<br>
<span class=""><br>
source s_syslog { udp(ip(0.0.0.0) port(514)); };<br>
<br>
destination d_elastic {<br>
elasticsearch2(<br>
</span> client-lib-dir("/usr/share/elasticsearch/lib/")<br>
<span class=""> index("syslog-ng_${YEAR}.${MONTH}.${DAY}")<br>
type("test")<br>
cluster("someserver")<br>
client-mode("transport")<br>
template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")<br>
</span> time-zone("UTC")<br>
);<br>
};<br>
<br>
Moreover, you might want to set the destination's timezone to UTC too, or<br>
you'll have surprises in kibana around midnight UTC: time-zone("UTC")<br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div><br></div>
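<div>Added example, not part of the thread or of syslog-ng: a Python check of why the quoted config sets time-zone("UTC") when the index name is built from ${YEAR}.${MONTH}.${DAY}. It assumes the date macros expand in the host's local zone when time-zone() is unset; the sample documents, the UTC+01:00 host and the function names are constructed for illustration.</div>

```python
import json
from datetime import datetime, timezone

# Constructed sample: JSON documents shaped like the template's output
# (format-json ... --key ISODATE), from a host assumed to run at UTC+01:00.
SAMPLE_DOCS = [
    '{"ISODATE": "2017-01-17T23:30:00+01:00", "HOST": "gw1", "MESSAGE": "login ok"}',
    '{"ISODATE": "2017-01-18T00:15:00+01:00", "HOST": "gw1", "MESSAGE": "login failed"}',
    '{"ISODATE": "2017-01-18T01:05:00+01:00", "HOST": "gw1", "MESSAGE": "logout"}',
]


def index_name(ts, prefix="syslog-ng_"):
    """Expand index("syslog-ng_${YEAR}.${MONTH}.${DAY}") for the datetime as given."""
    return prefix + ts.strftime("%Y.%m.%d")


def misplaced_documents(lines):
    """Return (ISODATE, local-zone index, UTC index) for every document whose
    daily index changes depending on which zone the date macros use."""
    hits = []
    for line in lines:
        doc = json.loads(line)
        local_ts = datetime.fromisoformat(doc["ISODATE"])  # keeps the +01:00 offset
        if local_ts.tzinfo is None:
            # Without an offset the UTC day cannot be derived reliably.
            raise ValueError("ISODATE without offset: " + doc["ISODATE"])
        local_idx = index_name(local_ts)
        utc_idx = index_name(local_ts.astimezone(timezone.utc))
        if local_idx != utc_idx:
            hits.append((doc["ISODATE"], local_idx, utc_idx))
    return hits


if __name__ == "__main__":
    for iso, local_idx, utc_idx in misplaced_documents(SAMPLE_DOCS):
        print(f"{iso}: written to {local_idx}, but its UTC day is {utc_idx}")
```

Only events in the window between local midnight and UTC midnight are affected, which is why the mismatch shows up in Kibana as gaps or stray documents at day boundaries rather than as a constant shift.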