[syslog-ng] Elasticsearch destination

Fabien Wernli wernli at in2p3.fr
Thu Oct 23 17:03:34 CEST 2014


On Thu, Oct 23, 2014 at 10:50:55AM -0400, jrhendri at roadrunner.com wrote:
> Are you saying I would not need to use the format-json bit? If so - how would I select/name the desired fields that were parsed with patterndb?

By simply passing `scope` to the destination block [1].
I also use a special `exclude` [2] parameter that lets me further drop
unwanted name-values.

> As far as overall performance - I really think it is a combination of disk I/O and memory starvation.

I'm using collectd, riemann and riemann-dash to monitor syslog-ng and ES performance live

[1] https://github.com/faxm0dem/syslog_ng-elasticsearch/blob/master/perl/syslog-ng.conf#L17
[2] https://github.com/faxm0dem/syslog_ng-elasticsearch/blob/master/perl/plugin.conf#L6

