[syslog-ng] Fields don't appear on kibana.

Jacek Drewniak jacek.drewniak at oort.in
Tue Sep 1 11:28:45 CEST 2015


Unfortunately I am doing this on the host with elasticsearch, that is why I
don't know what is wrong.
Message template?

My server config is: http://pastebin.com/FJzD6n77

-- 
*Jacek Drewniak*
R&D


2015-09-01 11:10 GMT+02:00 Fabien Wernli <wernli at in2p3.fr>:

> Hi Jacek,
>
> On Tue, Sep 01, 2015 at 10:55:13AM +0200, Jacek Drewniak wrote:
> > When I am putting new fields into elasticsearch, for example using rewrite,
> > they don't appear on kibana. But when I prefix the names of these fields with
> > ".SDATA.meta", they appear.
>
> Well it depends on where you set these fields. If you do it on the host
> with the elasticsearch destination instance, they should appear (provided
> you've got the right `message_template`).
> However if you set them on the remote host sending the data using RFC5424,
> then you need to prepend the SDATA bit, otherwise syslog-ng won't send them
> over to the elasticsearch writer.
>
>
>
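The transport point made in the quoted reply, as an added example that is not part of the original thread and not syslog-ng code: a simplified Python model of an RFC 5424 sender and receiver, showing that a custom field only has a slot on the wire when its name maps to a structured-data element. The host, program, timestamp and field values are constructed, and splitting the SD-ID at the first dot is an assumption of this model.

```python
import re

SD_PREFIX = ".SDATA."

def _esc(value):
    # RFC 5424 section 6.3.3: '"', '\' and ']' must be escaped in a PARAM-VALUE
    return re.sub(r'([\\"\]])', r'\\\1', value)

def format_rfc5424(pairs, msg, host="client1", app="app"):
    """Sender model: only .SDATA.<sd-id>.<param> names are serialized."""
    elements = {}
    for name, value in pairs.items():
        if not name.startswith(SD_PREFIX):
            continue  # no field in the RFC 5424 frame can carry this pair
        sd_id, _, param = name[len(SD_PREFIX):].partition(".")
        if sd_id and param:
            elements.setdefault(sd_id, []).append(f'{param}="{_esc(value)}"')
    sdata = "".join(f"[{i} {' '.join(p)}]" for i, p in elements.items()) or "-"
    # Constructed header: PRI 13, version 1, sample timestamp, nil PROCID/MSGID
    return f"<13>1 2015-09-01T11:00:00+02:00 {host} {app} - - {sdata} {msg}"

_PARAM = re.compile(r' ([^ =\]"]+)="((?:\\.|[^"\\\]])*)"')
_ELEMENT = re.compile(r'\[([^ \]=]+)((?: [^ =\]"]+="(?:\\.|[^"\\\]])*")*)\]')

def parse_rfc5424(frame):
    """Receiver model: rebuild name-value pairs from what arrived."""
    head = frame.split(" ", 6)
    pairs = {"HOST": head[2], "PROGRAM": head[3]}
    rest = head[6]  # STRUCTURED-DATA followed by MSG
    if rest.startswith("-"):
        pairs["MESSAGE"] = rest[2:]
        return pairs
    pos = 0
    while (m := _ELEMENT.match(rest, pos)):
        for param, value in _PARAM.findall(m.group(2)):
            name = f"{SD_PREFIX}{m.group(1)}.{param}"
            pairs[name] = re.sub(r'\\(["\\\]])', r'\1', value)
        pos = m.end()
    pairs["MESSAGE"] = rest[pos + 1:]
    return pairs
```
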