Hi Damian,

You need to specify the location of your Elasticsearch installation, i.e. where the .jar files are installed. If you're using the official packages from elastic.co, they are most likely located here:

    /usr/share/elasticsearch/lib/

So your config ought to look like the following instead:

    source s_syslog {
        udp(ip(0.0.0.0) port(514));
    };

    destination d_elastic {
        elasticsearch2(
            client-lib-dir("/usr/share/elasticsearch/lib/")
            index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
            type("test")
            cluster("someserver")
            client-mode("transport")
            template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")
            time-zone("UTC")
        );
    };

Moreover, you might want to set the destination's timezone to UTC too, or you'll have surprises in Kibana around midnight UTC:

    time-zone("UTC")
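The midnight effect mentioned in the reply above, as an added example that is not part of the original message: it renders the `syslog-ng_${YEAR}.${MONTH}.${DAY}` index name for the same events in two zones and lists the events that land in a different daily index than their UTC day. It assumes the date macros in `index()` are expanded in the destination's `time-zone()`; the UTC+2 offset and the event timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone


def index_name(ts, zone):
    """Render syslog-ng_${YEAR}.${MONTH}.${DAY} with the date macros
    evaluated in `zone` (assumed to follow the destination's time-zone())."""
    return ts.astimezone(zone).strftime("syslog-ng_%Y.%m.%d")


def misfiled(events, dest_zone):
    """Return (timestamp, index_used, index_by_utc_day) for every event
    whose daily index differs from the index of its UTC day."""
    out = []
    for ts in events:
        used = index_name(ts, dest_zone)
        by_utc = index_name(ts, timezone.utc)
        if used != by_utc:
            out.append((ts.isoformat(), used, by_utc))
    return out


# Constructed sample data: a fixed UTC+2 destination zone and three events.
LOCAL = timezone(timedelta(hours=2))
EVENTS = [
    datetime(2016, 5, 10, 23, 30, tzinfo=timezone.utc),  # 01:30 next day in UTC+2
    datetime(2016, 5, 11, 12, 0, tzinfo=timezone.utc),   # same day in both zones
    datetime(2016, 5, 11, 22, 15, tzinfo=timezone.utc),  # 00:15 next day in UTC+2
]

if __name__ == "__main__":
    for label, zone in (("UTC+2", LOCAL), ("UTC", timezone.utc)):
        rows = misfiled(EVENTS, zone)
        print(f"destination zone {label}: {len(rows)} event(s) in the wrong daily index")
        for ts, used, by_utc in rows:
            print(f"  {ts} written to {used}, UTC day is {by_utc}")
```
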