[syslog-ng] Openstack is a chatty $#!^
Fabien Wernli
wernli at in2p3.fr
Thu Oct 13 07:25:45 UTC 2016
On Thu, Oct 13, 2016 at 07:48:36AM +0200, Fabien Wernli wrote:
> Hi Scot!
>
> We use a single destination but set the ${__es_index} macro using rewrite
> rules:
>
> elasticsearch2(index("${__es_index:-syslog}-$YEAR.$MONTH.$DAY"));
so for instance:
destination d_elastic {
    elasticsearch2(
        ...
        index("${__es_index:-syslog}-$YEAR.$MONTH.$DAY")
    );
};

log {
    ...
    junction {
        channel {
            filter(f_foo);
            rewrite {
                set("foo", value("__es_index"));
            };
            flags(final);
        };
        channel {
            filter(f_bar);
            rewrite {
                set("bar", value("__es_index"));
            };
            flags(final);
        };
    };
    destination(d_elastic);
};