[syslog-ng] Fields don't appear on kibana.

Scheidler, Balázs balazs.scheidler at balabit.com
Fri Sep 4 06:42:06 CEST 2015


You are right, it is a huge oversight. Can you please suggest an on-wire
format for how this should work?

-- 
Bazsi
This is a huge oversight. I have "complained" about this before. A JSON
source (json parser) should append all of the tags from the JSON payload
into the current set of TAGS.

I'm not sure about syslog protocol (new RFC) if the TAGS is prepended
with the .SDATA if the syslog parser will populate the TAGS. I would
hope so.

Evan.

On 09/02/2015 12:00 AM, Fabien Wernli wrote:
> Hi Balázs,
>
> On Wed, Sep 02, 2015 at 07:16:32AM +0200, Scheidler, Balázs wrote:
> >> The best solution to send data over the wire between two Syslog-ng
>> instances (e.g. the one getting the logs and the other storing them in
>> elastic) is to use json to encode name-value pairs.
> That's another way, indeed. What these have in common, though, is that there
> is no way to transmit TAGS from one syslog-ng instance to another properly
> (then use tags() filters on the remote end)
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
