So, I rebuilt my home standalone system and only used the supported 3.8 and ES 2.4 current repos. Everything seems to be up and running with no complaints, but I am not getting any data in Kibana, syslog-ng_* index, and I can't figure out if it's something in syslog-ng.conf. Getting a bunch of stuff in /var/log/network.log from my cable modem, but nothing is showing in discovery. HELP!

I've looked at this for hours and tried so many variants on destination d_es client-mode, all supported template options…

Only thing weird I can see is this in the ES logs.

    data=false
    [2016-09-08 00:00:01,977][INFO ][cluster.metadata ] [node-1] [syslog-ng_2016.09.08] creating index, cause [auto(bulk api)], templates [], shards [5]/[1], mappings []
    [2016-09-08 00:00:02,108][INFO ][cluster.routing.allocation] [node-1] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[syslog-ng_2016.09.08][0], [syslog-ng_2016.09.08][0]] ...]).
    [2016-09-08 00:00:02,127][INFO ][cluster.metadata ] [node-1] [syslog-ng_2016.09.08] create_mapping [syslog-ng]
    [2016-09-08 00:15:28,886][INFO ][cluster.service ] [node-1] removed {{node-1}{kSmxkMoZQu6ZXvWWb70L5g}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-node-left({node-1}{kSmxkMoZQu6ZXvWWb70L5g}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false}), reason(left)
    [2016-09-08 00:15:39,358][INFO ][cluster.service ] [node-1] added {{node-1}{Df73oV_kQCubR5MeHiJnJA}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-join(join from node[{node-1}{Df73oV_kQCubR5MeHiJnJA}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false}])
    [2016-09-08 00:15:44,409][INFO ][cluster.metadata ] [node-1] [syslog-ng_2016.09.08] update_mapping [syslog-ng]
    [2016-09-08 00:31:14,268][INFO ][cluster.service ] [node-1] removed {{node-1}{Df73oV_kQCubR5MeHiJnJA}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-node-left({node-1}{Df73oV_kQCubR5MeHiJnJA}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false}), reason(left)
    [2016-09-08 00:31:19,823][INFO ][cluster.service ] [node-1] added {{node-1}{4h_70582RoWKL-jsAPzF4g}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-join(join from node[{node-1}{4h_70582RoWKL-jsAPzF4g}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false}])
    [2016-09-08 00:38:29,163][INFO ][cluster.service ] [node-1] removed {{node-1}{4h_70582RoWKL-jsAPzF4g}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-node-left({node-1}{4h_70582RoWKL-jsAPzF4g}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false}), reason(left)

https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-repositories.html
https://www.elastic.co/guide/en/kibana/4.6/setup-repositories.html
https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/repo/epel-7/czanik-syslog-ng38-epel-7.repo

[root@meo syslog-ng]# cat /etc/syslog-ng/syslog-ng.conf

    @version:3.8
    @include "scl.conf"
    @module mod-java

    options {
        flush_lines (0);
        time_reopen (10);
        log_fifo_size (1000);
        chain_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (yes);
        keep_hostname (yes);
        ts_format(iso);
    };

    source s_netsyslog {
        udp();
        tcp();
        syslog();
    };

    source s_sys {
        system();
        internal();
    };

    destination d_es {
        elasticsearch2(
            index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
            type("syslog-ng") # Description: The type of the index. For example, type("test")
            port("9300")
            server("127.0.0.1")
            concurrent-requests("5")
            flush_limit("1")
            client-mode("transport")
            skip-cluster-health-check("yes")
            cluster("meo")
            custom_id("syslog-ng")
            resource("/etc/elasticsearch/elasticsearch.yml")
            client_lib_dir("/usr/share/elasticsearch/lib")
            concurrent_requests("100")
        );
    };

    destination d_netsyslog {
        file("/var/log/network.log" owner("root") group("root") perm(0644));
    };

    log { source(s_netsyslog); destination(d_es); };
    log { source(s_sys); source(s_netsyslog); destination(d_netsyslog); };

    # Source additional configuration files (.conf extension only)
    @include "/etc/syslog-ng/conf.d/*.conf"