Hi Adam,

On Mon, Aug 22, 2016 at 04:30:43PM +0000, Adam Carter wrote:
> [2016-08-22T17:26:35.440602] Sending destination program a TERM signal; cmdline='/usr/share/syslog-ng/include/scl/elasticsearch/es-bridge localhost 9200 syslog-ng-${YEAR} syslog-ng', child_pid='12134'

This log line suggests you're using the deprecated Python script which wraps the elasticsearch destination. It's surprising the script is still present on your system. Could you check by what package it's being provided? You should use the elasticsearch or elasticsearch2 destinations, depending on your version. The best option here, unless you need high throughput, would be to use the elasticsearch2 destination with HTTP client mode, as that would be the most compatible. It will require Java on your system. Please check the online documentation on how to use the new destination.