[syslog-ng] Elasticsearch destination and time-zone info
Evan Rempel
erempel at uvic.ca
Tue Sep 29 17:28:24 CEST 2015
That certainly sounds obvious, however, I can't get it to work. The documented options for the "7.2.4. Elasticsearch destination options" does NOT include a time-zone option.
My java destination is devined as:
destination d_elasticsearch_1 {
java(
class-path("/usr/local/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")
class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")
option("index", "flare-${YEAR}.${MONTH}.${DAY}.${HOUR}")
option("type", "test")
option("client-mode", "node")
option("resource", "/etc/elasticsearch/elasticsearch.yml")
option("log-fifo-size","75000")
option("time-zone","UTC")
option("cluster", "uvic-cluster-01")
option("message-template", "$MESSAGE")
option("flush-limit", "50")
);
};
But my index uses the hour from the local timezone, not the UTC time zone.
Is the order of the options important?
Does the elasticsearch destination fail apply the time zone to the index?
This is beginning to look like a bug.
Evan.
On 09/28/2015 10:04 PM, Fabien Wernli wrote:
> Hi Evan,
>
> Just use the `time-zone` option in the `java` block.
>
> Cheers
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
--
Evan Rempel erempel at uvic.ca
Senior Systems Administrator 250.721.7691
Data Centre Services, University Systems, University of Victoria
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150929/fba209a0/attachment.htm
More information about the syslog-ng
mailing list