[syslog-ng] Fields don't appear on kibana.

Fabien Wernli wernli at in2p3.fr
Tue Sep 1 11:10:38 CEST 2015


Hi Jacek,

On Tue, Sep 01, 2015 at 10:55:13AM +0200, Jacek Drewniak wrote:
> When I put new fields into elasticsearch, for example using rewrite,
> they don't appear in kibana. But when I prefix the names of these fields with
> ".SDATA.meta", they appear.

Well, it depends on where you set these fields. If you do it on the host
with the elasticsearch destination instance, they should appear (provided
you've got the right `message_template`).
However, if you set them on the remote host sending the data using RFC5424,
then you need to prepend the SDATA bit, otherwise syslog-ng won't send them
over to the elasticsearch writer.
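
The relay behaviour described above, as an added example that is not part of the original post and is not syslog-ng code: a small Python model of an RFC 5424 hop, showing that only pairs named `.SDATA.<sd-id>.<param>` reach the receiver. The `to_wire` sender model, the host `web01`, and the field names `env` and `role` are constructed assumptions.

```python
import re

HEADER = re.compile(r"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) ")
SD_ID = re.compile(r'\[([^\s="\]]+)')
# PARAM-NAME="PARAM-VALUE"; inside a value, '"', '\' and ']' are backslash-escaped
PARAM = re.compile(r' ([^\s="\]]+)="((?:[^"\\\]]|\\.)*)"')

def to_wire(pairs, msg):
    """Sender model (assumption): only .SDATA.<sd-id>.<param> pairs are serialized."""
    elements = {}
    for name, value in pairs.items():
        parts = name.split(".", 3)
        if len(parts) == 4 and parts[:2] == ["", "SDATA"]:
            escaped = re.sub(r'(["\\\]])', r'\\\1', value)
            elements.setdefault(parts[2], []).append('%s="%s"' % (parts[3], escaped))
    sd = "".join("[%s %s]" % (i, " ".join(p)) for i, p in elements.items()) or "-"
    # Constructed header: priority, timestamp, host, program, pid, msgid
    return "<13>1 2015-09-01T11:10:38+02:00 web01 app 1234 - %s %s" % (sd, msg)

def from_wire(line):
    """Receiver: rebuild name-value pairs with the .SDATA.<sd-id>.<param> naming."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pairs = dict(zip(("PRI", "ISODATE", "HOST", "PROGRAM", "PID", "MSGID"), m.groups()))
    pos = m.end()
    if line.startswith("-", pos):  # NILVALUE: no structured data at all
        pos += 1
    while line.startswith("[", pos):
        sd_id = SD_ID.match(line, pos)
        if not sd_id:
            raise ValueError("malformed SD-ID")
        pos = sd_id.end()
        while (p := PARAM.match(line, pos)):
            name = ".SDATA.%s.%s" % (sd_id.group(1), p.group(1))
            pairs[name] = re.sub(r'\\(["\\\]])', r"\1", p.group(2))
            pos = p.end()
        if not line.startswith("]", pos):
            raise ValueError("unterminated SD-ELEMENT")
        pos += 1
    pairs["MESSAGE"] = line[pos + 1:]
    return pairs

if __name__ == "__main__":
    # Constructed sender-side pairs: one plain field, one under .SDATA.meta
    sent = {"env": "prod", ".SDATA.meta.role": 'front"end]'}
    wire = to_wire(sent, "user login")
    print(wire)
    print(from_wire(wire))
```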


