I don't get it, I don't have that in my current ES target for syslog.

    destination d_es {
        elasticsearch2(
            disk-buffer(
                reliable(no)    # If set to no, the normal disk-buffer will be used. This provides a faster, option
                dir("/opt/syslog-ng/buffer")
                disk-buf-size(10485760)
                mem-buf-length(100000)    # number of messages stored in overflow queue
            )
            client-mode("http")
            index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
            type("syslog")    # Description: The type of the index. For example, type("test")
            template("$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")
            cluster-url("http://192.168.1.16:9200/")
            concurrent-requests("5")    # Number of concurrent batches
            flush_limit("5000")    # The number of messages in a single batch
            skip-cluster-health-check("yes")
            cluster("hal")
            client_lib_dir("/usr/share/elasticsearch/lib")
        );
    };

On Fri, May 12, 2017 at 4:32 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
> On Fri, May 12, 2017 at 12:50:16AM -0400, Scot wrote:
> > destination d_es_beats {
> >     elasticsearch2(
> >         disk-buffer(
> > [...]
> >         index("winlogbeat-${YEAR}.${MONTH}.${DAY}")
>
> Just a sidenote here: don't forget to add time-zone(UTC) to your elasticsearch destination, otherwise you'll have surprises in Kibana
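As an added illustration (my own, not code from the thread or from syslog-ng) of one surprise the missing time-zone(UTC) can cause: the ${YEAR}.${MONTH}.${DAY} macros in index() expand in the destination's time zone, so an event logged shortly before local midnight lands in a different daily index depending on whether the destination renders dates in local time or UTC, while Kibana displays @timestamp in UTC. The snippet assumes a UTC-4 local zone (matching the -0400 in the quoted header) and a constructed event time.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the syslog-ng host runs in a UTC-4 zone (taken from the -0400
# offset in the quoted mail header, not from any configuration on the page).
LOCAL_TZ = timezone(timedelta(hours=-4))

# Constructed sample event: 23:30 local time on 12 May 2017.
SAMPLE_EVENT = datetime(2017, 5, 12, 23, 30, 0, tzinfo=LOCAL_TZ)

# Mirrors index("syslog-ng_${YEAR}.${MONTH}.${DAY}") from the posted destination.
INDEX_PATTERN = "syslog-ng_{year:04d}.{month:02d}.{day:02d}"


def render_index(ts, tz):
    """Expand the YEAR/MONTH/DAY macros the way a destination using zone tz would."""
    local = ts.astimezone(tz)
    return INDEX_PATTERN.format(year=local.year, month=local.month, day=local.day)


def render_isodate(ts, tz):
    """Expand $ISODATE (RFC 3339 with offset) for zone tz."""
    return ts.astimezone(tz).isoformat()


def compare_zones(ts, local_tz=LOCAL_TZ):
    """Return the index name and ISODATE an event gets without and with time-zone(UTC)."""
    return {
        "without_time_zone_utc": {
            "index": render_index(ts, local_tz),
            "isodate": render_isodate(ts, local_tz),
        },
        "with_time_zone_utc": {
            "index": render_index(ts, timezone.utc),
            "isodate": render_isodate(ts, timezone.utc),
        },
    }


if __name__ == "__main__":
    for mode, fields in compare_zones(SAMPLE_EVENT).items():
        print(f"{mode}: index={fields['index']} isodate={fields['isodate']}")
```

With the constructed event the local-time destination writes to syslog-ng_2017.05.12 while the UTC destination writes to syslog-ng_2017.05.13, which is the kind of day-boundary drift Kibana's UTC-based views expose.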