1 Sep
2015
1 Sep
'15
11:10 a.m.
Hi Jacek, On Tue, Sep 01, 2015 at 10:55:13AM +0200, Jacek Drewniak wrote:
When I am putting new fields to elasticsearch for example using rewrite, they don't appear on kibana. But when I prefix name this fields by ".SDATA.meta" - they appear.
Well it depends on where you set these fields. If you do it on the host with the elasticsearch destination instance, they should appear (provided you've got the right `message_template`). However if you set them on the remote host sending the data using RFC5424, then you need to prepend the STATA bit, otherwise syslog-ng won't send them over to the elasticsearch writer.