8 Feb 2018, 12:01 p.m.
Ah! That must be it! I was not aware that upper case characters are not allowed in Elasticsearch index names!

$HOST = B8-27-AB-23-11-26

Thanks a million Fabien.

On 8-2-2018 at 10:00, Fabien Wernli wrote:
> On Thu, Feb 08, 2018 at 09:42:38AM +0100, Abe Lebo wrote:
> > I have templates, but not one specific for this index pattern.
> > I see no errors in the logs, I only see the indices being created if I do not add the $HOST, but only $YEAR.$MONTH.$DAY
> > I'll see if I can set syslog-ng logging to debug
>
> Yes, definitely try that: syslog-ng -Fdv
>
> One other thing, what does your $HOST resolve to? There are some restrictions in ES index names, perhaps your macro contains upper case or other illegal chars?
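
The check discussed in this thread, as an added example that is not part of the original messages or of syslog-ng: it expands an index template with the `$HOST` value reported above and lists the reasons Elasticsearch would reject the resulting name. The template string, the function names and the exact macro syntax handled are assumptions made for illustration.

```python
import re

# Characters Elasticsearch rejects anywhere in an index name
# (':' is rejected from Elasticsearch 7.0 onwards).
FORBIDDEN = set('\\/*?"<>| ,#:')
# Macro reference written as $NAME or ${NAME}.
MACRO = re.compile(r"\$\{?([A-Z_]+)\}?")

# Assumed index template; the thread only names the macros, not the full option.
SAMPLE_TEMPLATE = "${HOST}-${YEAR}.${MONTH}.${DAY}"
# $HOST is the value quoted in the thread; the date is the message date.
SAMPLE_MACROS = {"HOST": "B8-27-AB-23-11-26", "YEAR": "2018",
                 "MONTH": "02", "DAY": "08"}


def render(template, macros):
    """Expand $NAME / ${NAME} references from a dict of macro values."""
    return MACRO.sub(lambda m: macros[m.group(1)], template)


def index_name_problems(name):
    """Return the reasons Elasticsearch would reject this index name."""
    problems = []
    if not name:
        return ["is empty"]
    if name != name.lower():
        problems.append("contains upper case characters")
    bad = sorted(FORBIDDEN & set(name))
    if bad:
        problems.append("contains forbidden characters: "
                        + " ".join(repr(c) for c in bad))
    if name[0] in "-_+":
        problems.append("starts with '-', '_' or '+'")
    if name in (".", ".."):
        problems.append("is '.' or '..'")
    if len(name.encode("utf-8")) > 255:
        problems.append("is longer than 255 bytes")
    return problems


if __name__ == "__main__":
    raw = render(SAMPLE_TEMPLATE, SAMPLE_MACROS)
    fixed = render(SAMPLE_TEMPLATE, {**SAMPLE_MACROS,
                                     "HOST": SAMPLE_MACROS["HOST"].lower()})
    for name in (raw, fixed):
        print(name, "->", index_name_problems(name) or "ok")
```

A rejected index name means the events for that host never reach the index, so running a check like this against every host name that can appear in the macro catches the silent gap before it shows up as missing logs.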