problem elasticsearch2 creating index per HOST
LS,

I want to create an Elasticsearch index per host I receive logs from (also syslog-ng); somehow that fails. I have a setup that creates an index per day (see below), that works. I can build a file output per host per day by adding the $HOST to the filename, that works too (see below), but if I add $HOST to the index name it no longer creates indices.

Anybody know what's wrong?

Thanks in advance,
Abel

......
destination d_testfile {
    file(
        "/tmp/testlogabel-$HOST$YEAR$MONTH"
        flags(syslog-protocol)
        template("$(format-json @timestamp=$ISODATE --scope nv-pairs)\n")
    );
};

################################################################################
# Elasticsearch destination
################################################################################
destination d_es_per_day {
    elasticsearch2(
        client-lib-dir("/usr/share/elasticsearch/lib/:/usr/lib/syslog-ng/3.13/java-modules/")
        index("test-abel_$YEAR.$MONTH.$DAY")
        type("test")
        cluster-url("http://node01:9400 http://node02:9400 http://node03:9400")
        client-mode("http")
        template("$(format-json @timestamp=$ISODATE --scope nv-pairs)\n")
    );
};

######
# sending logs to ES destination
log {
    source(s_net);
    source(s_src);
    filter(f_abel);
    parser(p_abel);
    destination(d_es_per_day);
    flags(flow-control);
};
Hi,

I just tested this with the following simple config, and it works:

destination {
    elasticsearch2(
        client-lib-dir("/usr/share/elasticsearch/lib/")
        index("syslog-ng-${HOST}")
        type("test")
        cluster-url("http://localhost:9200")
        client-mode("http")
        template("$(format-json --scope nv-pairs)")
    );
};
On Tue, Feb 06, 2018 at 04:50:30PM +0100, Abe Lebo wrote:
Nope, does not work :-( strangest thing.
Did you define mapping templates in Elasticsearch? In any case, did you check the Elasticsearch logs, especially the master's?
participants (2)
- Abe Lebo
- Fabien Wernli