Re: [syslog-ng] problem elasticsearch2 creating index per HOST
ah! that must be it! I was not aware that upper case characters are not allowed in elasticsearch index names! $HOST = B8-27-AB-23-11-26 Thanks a million Fabien. Op 8-2-2018 om 10:00 schreef Fabien Wernli:
On Thu, Feb 08, 2018 at 09:42:38AM +0100, Abe Lebo wrote:
i have templates, but not one specific for this index patern.
i see no errors in the logs, i only see the indices being created if i do not add the $HOST, but only $YEAR.$MONTH.$DAY
i'll see if i can set syslog-ng logging to debug
yes, definitely try that: syslog-ng -Fdv
One other thing, what does your $HOST resolve to? There are some restrictions in ES index names, perhaps your macro contains upper case or other illegal chars?
On Thu, Feb 08, 2018 at 12:01:05PM +0100, Abe Lebo wrote:
ah! that must be it!
I was not aware that upper case characters are not allowed in elasticsearch index names!
$HOST = B8-27-AB-23-11-26
Thanks a million Fabien.
\o/ That being said, this should have been seen in the elasticsearch log
participants (2)
-
Abe Lebo
-
Fabien Wernli