[syslog-ng] systemd syslog-ng does not start CentOS 7.2.1511 [ SOLVED ]

Scot Needy scotrn at gmail.com
Thu Apr 14 15:46:52 CEST 2016


So in a standalone instance I should see data=true, meaning the local ES node should store all data? If so, how?

destination d_es {
	elasticsearch2(
		index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
		type("syslog-ng") # Description: The type of the index. For example, type("test")
		template("$(format-json --scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE})")
		#template("$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")

		port("9300")
		server("localhost")
		flush_limit("5000")
		client_mode("node")
		cluster("syslog-ng")
		custom_id("syslog")
		resource("/etc/elasticsearch/elasticsearch.yml")
		client_lib_dir("/usr/share/elasticsearch/lib")
		concurrent_requests("100")
	);
};


[2016-04-14T09:45:06.369181] org.syslog_ng.elasticsearch_v2.ElasticSearchDestination.createIndexRequest:95 - Outgoing log entry, json='{"PROGRAM":"wlc01","PRIORITY":"warning","MESSAGE":"*dtlArpTask: Apr 14 09:45:09.941: #DTL-4-ARP_NULL_SRC_IP: dtl_net.c:2693 Recv ARP Request with source IP as 0. Marking for Duplicate Addr Detection.","ISODATE":"2016-04-14T09:45:06-04:00","HOST":"10.36.75.4","FACILITY":"local4","timestamp":"2016-04-14T09:45:06-04:00"}';
[2016-04-14T09:45:06.919922] org.syslog_ng.elasticsearch_v2.messageprocessor.ESBulkMessageProcessor$BulkProcessorListener.beforeBulk:42 - Start bulk processing, id='2';
[2016-04-14T09:45:06.926354] org.syslog_ng.elasticsearch_v2.messageprocessor.ESBulkMessageProcessor$BulkProcessorListener.afterBulk:48 - Bulk processing finished successfully, id='2', numberOfMessages='1';




> On Apr 14, 2016, at 5:15 AM, Fabien Wernli <wernli at in2p3.fr> wrote:
> 
> On Wed, Apr 13, 2016 at 12:24:50PM -0400, Scot Needy wrote:
>> Does not look like I’m getting data into es. How could I tell? Does data=false mean it’s not storing?
> 
> no, data=false means syslog-ng won't create shards in its ES instance, which
> is perfectly normal and expected
> 
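
One way to answer "how could I tell" from the debug output quoted in this message, as an added example that is not part of the original post or of syslog-ng: it tallies the three log-line formats shown above and reports any bulk request that started but never logged a successful finish. The sample lines are constructed (JSON bodies shortened, bulk id 3 left unfinished on purpose), and the function and field names are hypothetical.

```python
import re

# Constructed sample in the debug-log format quoted in the post
# (JSON bodies shortened; bulk id 3 is deliberately left unfinished).
SAMPLE_LOG = """\
[2016-04-14T09:45:06.369181] org.syslog_ng.elasticsearch_v2.ElasticSearchDestination.createIndexRequest:95 - Outgoing log entry, json='{"PROGRAM":"wlc01","HOST":"10.36.75.4"}';
[2016-04-14T09:45:06.919922] org.syslog_ng.elasticsearch_v2.messageprocessor.ESBulkMessageProcessor$BulkProcessorListener.beforeBulk:42 - Start bulk processing, id='2';
[2016-04-14T09:45:06.926354] org.syslog_ng.elasticsearch_v2.messageprocessor.ESBulkMessageProcessor$BulkProcessorListener.afterBulk:48 - Bulk processing finished successfully, id='2', numberOfMessages='1';
[2016-04-14T09:45:07.101000] org.syslog_ng.elasticsearch_v2.ElasticSearchDestination.createIndexRequest:95 - Outgoing log entry, json='{"PROGRAM":"wlc01","HOST":"10.36.75.4"}';
[2016-04-14T09:45:07.920000] org.syslog_ng.elasticsearch_v2.messageprocessor.ESBulkMessageProcessor$BulkProcessorListener.beforeBulk:42 - Start bulk processing, id='3';
"""

# Patterns match only the three line formats visible in the post.
QUEUED = re.compile(r"createIndexRequest:\d+ - Outgoing log entry")
STARTED = re.compile(r"beforeBulk:\d+ - Start bulk processing, id='(\d+)'")
FINISHED = re.compile(
    r"afterBulk:\d+ - Bulk processing finished successfully, "
    r"id='(\d+)', numberOfMessages='(\d+)'"
)


def summarize(lines):
    """Count queued entries, acknowledged messages, and unfinished bulks."""
    queued = 0
    acknowledged = 0
    pending = {}  # bulk id -> timestamp of its "Start bulk processing" line
    for line in lines:
        if QUEUED.search(line):
            queued += 1
            continue
        m = STARTED.search(line)
        if m:
            # Timestamp is the bracketed prefix of the log line.
            pending[m.group(1)] = line.split("]", 1)[0].lstrip("[")
            continue
        m = FINISHED.search(line)
        if m:
            pending.pop(m.group(1), None)
            acknowledged += int(m.group(2))
    return {"queued": queued, "acknowledged": acknowledged,
            "unfinished_bulks": pending}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

A gap between `queued` and `acknowledged`, or a non-empty `unfinished_bulks`, points at batches that were handed to the bulk processor without a logged success.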


