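<div dir="ltr">
  <!-- The syslog-ng listing is kept in one pre/code block so that its indentation and line breaks survive copy and paste. -->
  <p>Has anyone had success/failure using multiple ES destinations in syslog-ng?</p>
  <p>I want to direct traffic to different indexes based on syslog-ng filters.</p>
  <pre><code># NOTE(review): both destinations use client-mode("http") with an http://
# cluster-url, so every log record crosses the network unencrypted and no
# credentials are configured. Where the installed syslog-ng supports it, prefer
# client-mode("https") with http-auth-type() and a truststore, and restrict
# port 9200 to the log forwarders.
# NOTE(review): --scope nv-pairs forwards the name-value pairs attached to each
# message, so anything a parser extracted upstream lands in the index; add
# --exclude for fields that should not be stored.
# NOTE(review): unprefixed ${YEAR}/${MONTH}/${DAY} presumably follow the
# sender-supplied timestamp; ${R_YEAR}.${R_MONTH}.${R_DAY} would tie index
# names to receive time instead. Confirm against the syslog-ng version in use.

destination d_es {
        elasticsearch2(
                client-mode("http")
                index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
                type("syslog") # Description: The type of the index. For example, type("test")
                template("$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")
                cluster-url("http://elasticsearch:9200/")
                concurrent-requests("5") # Number of concurrent batches
                flush_limit("5000") # The number of messages in a single batch
                skip-cluster-health-check("yes") # send even if the cluster health check would fail
                cluster("clustername")
                client_lib_dir("/usr/share/elasticsearch/lib")
        );
};

# Same settings as d_es; only the index prefix differs.
destination d_es_network {
        elasticsearch2(
                client-mode("http")
                index("network_${YEAR}.${MONTH}.${DAY}")
                type("syslog") # Description: The type of the index. For example, type("test")
                template("$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")
                cluster-url("http://elasticsearch:9200/")
                concurrent-requests("5") # Number of concurrent batches
                flush_limit("5000") # The number of messages in a single batch
                skip-cluster-health-check("yes") # send even if the cluster health check would fail
                cluster("clustername")
                client_lib_dir("/usr/share/elasticsearch/lib")
        );
};</code></pre>
</div>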