Hi,

We support ES5.x only via http mode.

Regards,
Laszlo Budai

_____________________________
From: Scot <scotrn@gmail.com>
Sent: Wednesday, January 18, 2017 3:33 AM
Subject: Re: [syslog-ng] Error initializing message pipeline;
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>, Fabien Wernli <wernli@in2p3.fr>

Is client-mode("transport") now supported with ES 5.1? I thought it was only http mode for ES 5. I got a pipeline error, then switched to http thinking it was the transport mode. http worked fine.

On Tue, Jan 17, 2017 at 9:58 AM, Fabien Wernli <wernli@in2p3.fr> wrote:

Hi Damian,

You need to specify the location to your elasticsearch installation, i.e. where the .jar files are installed.
If you're using the official packages from elastic.co, they are most likely located here:

    /usr/share/elasticsearch/lib/

So your config ought to look like the following instead:

    source s_syslog {
        udp(ip(0.0.0.0) port(514));
    };

    destination d_elastic {
        elasticsearch2(
            client-lib-dir("/usr/share/elasticsearch/lib/")
            index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
            type("test")
            cluster("someserver")
            client-mode("transport")
            template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")
            time-zone("UTC")
        );
    };

Moreover, you might want to set the destination's timezone to UTC too, or you'll have surprises in kibana around midnight UTC:

    time-zone("UTC")
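Added example, not part of the original thread and not syslog-ng code: a small Python model of the midnight effect behind the time-zone("UTC") advice above, showing which daily index the index() pattern from the config names for the same events in UTC and in a non-UTC zone. It assumes the destination expands ${YEAR}, ${MONTH} and ${DAY} in its configured time zone; the fixed UTC+1 offset and the sample timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Assumption: a fixed UTC+1 offset stands in for a destination left on local time.
LOCAL = timezone(timedelta(hours=1), "UTC+1")


def index_name(event_time, dest_tz):
    """Expand the thread's index pattern syslog-ng_${YEAR}.${MONTH}.${DAY}
    with the date macros evaluated in dest_tz."""
    t = event_time.astimezone(dest_tz)
    return f"syslog-ng_{t.year:04d}.{t.month:02d}.{t.day:02d}"


def misfiled(events, dest_tz):
    """Return (UTC timestamp, index written, index for the UTC day) for every
    event whose daily index differs from the one its UTC date would select."""
    out = []
    for ev in events:
        written = index_name(ev, dest_tz)
        expected = index_name(ev, UTC)
        if written != expected:
            out.append((ev.astimezone(UTC).isoformat(), written, expected))
    return out


# Constructed sample events (UTC), clustered around midnight.
EVENTS = [
    datetime(2017, 1, 17, 22, 59, 59, tzinfo=UTC),
    datetime(2017, 1, 17, 23, 0, 0, tzinfo=UTC),
    datetime(2017, 1, 17, 23, 45, 10, tzinfo=UTC),
    datetime(2017, 1, 18, 0, 0, 1, tzinfo=UTC),
]

if __name__ == "__main__":
    for iso, written, expected in misfiled(EVENTS, LOCAL):
        print(f"{iso} written to {written}, UTC day selects {expected}")
    print('with time-zone("UTC"):', misfiled(EVENTS, UTC))
```

A search scoped to the syslog-ng_2017.01.17 index would miss the two events from the last hour of that UTC day when the destination runs at UTC+1.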