Unfortunately I am doing this on the host with elasticsearch, which is why I don't know what is wrong. Message template? My server config is: http://pastebin.com/FJzD6n77

--
Jacek Drewniak
R&D

2015-09-01 11:10 GMT+02:00 Fabien Wernli <wernli@in2p3.fr>:
> Hi Jacek,
>
> On Tue, Sep 01, 2015 at 10:55:13AM +0200, Jacek Drewniak wrote:
> > When I put new fields into elasticsearch, for example using rewrite, they don't appear in kibana. But when I prefix the names of these fields with ".SDATA.meta", they appear.
>
> Well, it depends on where you set these fields. If you do it on the host with the elasticsearch destination instance, they should appear (provided you've got the right `message_template`). However, if you set them on the remote host sending the data using RFC5424, then you need to prepend the SDATA bit, otherwise syslog-ng won't send them over to the elasticsearch writer.
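The difference described in the reply above, as an added syslog-ng configuration sketch that is not part of the original thread or of either poster's setup. The host name, port, file path and the field name `environment` are assumptions chosen for illustration; a `file()` destination with `format-json` stands in for the elasticsearch writer so the received fields can be inspected directly.

```conf
@version: 3.7

##### Sending host #####
source s_local { system(); internal(); };

rewrite r_add_fields {
    # Plain name-value pair: lives only inside this syslog-ng instance.
    # It is NOT serialized by the syslog() destination below, so the
    # receiver never sees it.
    set("staging", value("environment"));

    # .SDATA.<sd-id>.<param> is mapped to the RFC5424 STRUCTURED-DATA
    # element [meta environment="staging"], which does travel on the wire.
    set("staging", value(".SDATA.meta.environment"));
};

destination d_central {
    # Assumed receiver address and port (hypothetical).
    syslog("logs.example.internal" transport("tcp") port(601));
};

log { source(s_local); rewrite(r_add_fields); destination(d_central); };

##### Receiving host (the one that also writes to elasticsearch) #####
source s_net { syslog(transport("tcp") port(601)); };

rewrite r_local_field {
    # Set on the same instance that writes the output, so a plain
    # name is enough here, provided the template's scope includes it.
    set("central", value("collector"));
};

destination d_inspect {
    # Stand-in for the elasticsearch destination: dump what would be sent.
    # "rfc5424" covers the .SDATA.* values received from the sender,
    # "nv-pairs" covers plain names such as "collector" set locally.
    file("/var/log/received.json"
         template("$(format-json --scope rfc5424 --scope nv-pairs)\n"));
};

log { source(s_net); rewrite(r_local_field); destination(d_inspect); };
```

In the resulting JSON, the sender's plain `environment` field is absent while the `.SDATA.meta.environment` value and the locally set `collector` field are present.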