<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<div id="compose" contenteditable="true" style="padding-left: 16px; padding-right: 16px; padding-bottom: 8px;">
<div>Hi,</div>
<div><br>
</div>
<div>We support ES5.x only via http mode.</div>
<div><br>
</div>
<div>regards,</div>
<div>Laszlo Budai<br>
<br>
</div>
</div>
<div class="gmail_quote">_____________________________<br>
From: Scot <<a dir="ltr" href="mailto:scotrn@gmail.com" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="0">scotrn@gmail.com</a>><br>
Sent: Wednesday, January 18, 2017 3:33 AM<br>
Subject: Re: [syslog-ng] Error initializing message pipeline;<br>
To: Syslog-ng users' and developers' mailing list <<a dir="ltr" href="mailto:syslog-ng@lists.balabit.hu" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="1">syslog-ng@lists.balabit.hu</a>>, Fabien Wernli <<a dir="ltr" href="mailto:wernli@in2p3.fr" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="2">wernli@in2p3.fr</a>><br>
<br>
<br>
<div dir="ltr">Is <span style="font-size:12.8px">client-mode("transport") now supported with ES 5.1?   I thought it was only http mode for ES 5. </span>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">I got a pipeline error, then switched to http thinking it was the transport mode. http worked fine. </span></div>
<div><span style="font-size:12.8px"> </span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Jan 17, 2017 at 9:58 AM, Fabien Wernli <span dir="ltr">
<<a href="mailto:wernli@in2p3.fr" target="_blank">wernli@in2p3.fr</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
Hi Damian,<br>
<br>
You need to specify the location to your elasticsearch installation, i.e.<br>
where the .jar files are installed.<br>
If you're using the official packages from <a href="http://elastic.co" rel="noreferrer" target="_blank">
elastic.co</a>, they are most likely<br>
located here: /usr/share/elasticsearch/lib/<br>
<br>
So your config ought to look like the following instead:<br>
<span class=""><br>
    source s_syslog { udp(ip(0.0.0.0) port(514)); };<br>
<br>
    destination d_elastic {<br>
      elasticsearch2(<br>
</span>        client-lib-dir("/usr/share/<wbr>elasticsearch/lib/")<br>
<span class="">        index("syslog-ng_${YEAR}.${<wbr>MONTH}.${DAY}")<br>
        type("test")<br>
        cluster("someserver")<br>
        client-mode("transport")<br>
        template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")<br>
</span>        time-zone("UTC")<br>
      );<br>
    };<br>
<br>
Moreover, you might want to set the destination's timezone to UTC too, or<br>
you'll have surprises in Kibana around midnight UTC: time-zone("UTC")<br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<br>
</div>
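<div>An added illustration of the midnight effect behind the time-zone("UTC") advice in the quoted message; it is not code from the thread or from syslog-ng. It assumes a logging host at UTC+1 (a constructed choice) and that the index date macros are rendered in the host's zone when the destination is not set to UTC.</div>
<pre>
```python
from datetime import datetime, timedelta, timezone

# Assumption: the logging host's zone is UTC+1 (constructed for this example).
HOST_ZONE = timezone(timedelta(hours=1))


def index_name(event, zone):
    """Render the syslog-ng_YEAR.MONTH.DAY index name with the date taken in `zone`."""
    return event.astimezone(zone).strftime("syslog-ng_%Y.%m.%d")


def misfiled(events, zone):
    """Return events whose index in `zone` differs from the index for their UTC day."""
    out = []
    for ev in events:
        zone_idx = index_name(ev, zone)
        utc_idx = index_name(ev, timezone.utc)
        if zone_idx != utc_idx:
            out.append((ev.isoformat(), zone_idx, utc_idx))
    return out


# Constructed sample events (in UTC) on either side of midnight.
SAMPLE = [
    datetime(2017, 1, 17, 22, 30, tzinfo=timezone.utc),
    datetime(2017, 1, 17, 23, 30, tzinfo=timezone.utc),
    datetime(2017, 1, 18, 0, 30, tzinfo=timezone.utc),
]

if __name__ == "__main__":
    # Without UTC on the destination, one event lands in the next day's index.
    for stamp, zone_idx, utc_idx in misfiled(SAMPLE, HOST_ZONE):
        print(stamp, "written to", zone_idx, "but its UTC day is", utc_idx)
    # With the destination in UTC, index date and UTC timestamp always agree.
    print("misfiled with UTC:", misfiled(SAMPLE, timezone.utc))
```
</pre>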
</body>
</html>