[syslog-ng] Help! CentOS 7 ELK Stack from repos no index data.
Fabien Wernli
wernli at in2p3.fr
Thu Sep 8 15:43:17 CEST 2016
Hi again,
On Thu, Sep 08, 2016 at 12:16:22AM -0400, Scot Needy wrote:
> destination d_es {
> elasticsearch2(
> index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
> type("syslog-ng") # Description: The type of the index. For example, type("test")
> port("9300")
> server("127.0.0.1")
> concurrent-requests("5")
> flush_limit("1")
> client-mode("transport")
> skip-cluster-health-check("yes")
> cluster("meo")
> custom_id("syslog-ng")
^^^^^^^^^^^^^^^^^^^^^^
There's your problem: all documents will be assigned the literal "syslog-ng"
as _id, so you're basically pushing all data overwriting the same document
again and again :-)
Sorry for not reading your config the first time.
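To make the effect of a constant custom_id() concrete, here is an added example that is not part of the original thread and not syslog-ng or Elasticsearch code. It builds the bulk-API "index" actions syslog-ng's elasticsearch2() destination would send for a few constructed log messages, once with custom_id("syslog-ng") and once with no custom_id() at all, and applies them to a small in-memory model of Elasticsearch's _id semantics (same _id in the same index overwrites the document and bumps _version; no _id gets a fresh unique one). The sample messages, the render() macro expander and the in-memory store are assumptions made for the example; the index template copies the poster's index("syslog-ng_${YEAR}.${MONTH}.${DAY}").

```python
"""Why a constant custom_id() collapses an Elasticsearch index to one document.

Added example, not from the syslog-ng thread. Models the bulk "index" action:
an explicit _id replaces the existing document with that _id (_version++),
no _id gets a generated unique one. Log lines below are constructed data.
"""
import json
import string
import uuid

# Constructed sample messages, shaped like syslog-ng's parsed macros.
SAMPLE_MESSAGES = [
    {"HOST": "web01", "PROGRAM": "sshd", "YEAR": "2016", "MONTH": "09", "DAY": "08",
     "MESSAGE": "Accepted publickey for root from 10.0.0.5"},
    {"HOST": "web01", "PROGRAM": "sshd", "YEAR": "2016", "MONTH": "09", "DAY": "08",
     "MESSAGE": "Failed password for invalid user admin from 10.0.0.9"},
    {"HOST": "db01", "PROGRAM": "kernel", "YEAR": "2016", "MONTH": "09", "DAY": "08",
     "MESSAGE": "Out of memory: Kill process 4242 (mysqld)"},
]

INDEX_TEMPLATE = "syslog-ng_${YEAR}.${MONTH}.${DAY}"  # as in the poster's config


def render(template, msg):
    """Expand ${NAME} macros like a syslog-ng template (simple macros only; assumption)."""
    return string.Template(template).safe_substitute(msg)


def bulk_actions(messages, index_template, doc_type, custom_id=None):
    """Build (action, source) NDJSON pairs for the Elasticsearch bulk API.

    custom_id=None   -> no _id in the action, Elasticsearch generates a unique one.
    custom_id="..."  -> the syslog-ng custom_id() template, rendered per message.
    """
    actions = []
    for msg in messages:
        meta = {"_index": render(index_template, msg), "_type": doc_type}
        if custom_id is not None:
            meta["_id"] = render(custom_id, msg)
        actions.append((json.dumps({"index": meta}), json.dumps(msg)))
    return actions


def apply_bulk(actions):
    """Apply bulk index actions to an in-memory store keyed by (_index, _id).

    Mimics Elasticsearch: same key -> overwrite _source and increment _version.
    """
    store = {}
    for meta_line, source_line in actions:
        meta = json.loads(meta_line)["index"]
        doc_id = meta.get("_id") or uuid.uuid4().hex  # ES auto-id stand-in
        key = (meta["_index"], doc_id)
        entry = store.get(key)
        if entry is None:
            store[key] = {"_version": 1, "_source": json.loads(source_line)}
        else:
            entry["_version"] += 1
            entry["_source"] = json.loads(source_line)
    return store


def summarize(store):
    """What you would compare on a real cluster: _count versus the highest _version."""
    return {"docs": len(store), "max_version": max(e["_version"] for e in store.values())}


if __name__ == "__main__":
    for label, cid in (('custom_id("syslog-ng")', "syslog-ng"), ("no custom_id()", None)):
        result = summarize(apply_bulk(bulk_actions(SAMPLE_MESSAGES, INDEX_TEMPLATE, "syslog-ng", cid)))
        print(f"{label:24s} -> {result}")
```

With the constant id, three shipped messages leave one document whose _version keeps climbing, which is exactly the symptom of "no index data" while the destination reports success; with custom_id() removed, every message becomes its own document. On a live cluster the same check is a document count against the number of messages sent, plus a look at _version on the surviving hit.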