[syslog-ng] [SOLVED] Re: Help! CentOS 7 ELK Stack from repos no index data.
Scot Needy
scotrn at gmail.com
Fri Sep 9 03:21:51 CEST 2016
Thanks Fabien, that worked but not exactly sure why.
I thought custom_id just added a tag to the document in ES.
> On Sep 8, 2016, at 9:45 AM, Fabien Wernli <wernli at in2p3.fr> wrote:
>
> On Thu, Sep 08, 2016 at 03:43:17PM +0200, Fabien Wernli wrote:
>>> custom_id("syslog-ng")
>> ^^^^^^^^^^^^^^^^^^^^^^
>> There's your problem: all documents will be assigned the literal "syslog-ng"
>> as _id, so you're basically pushing all data overwriting the same document
>> again and again :-)
>
> so the fix is simply to drop that option altogether
>
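
The overwrite behaviour Fabien describes, as an added example that is not part of the original thread and is not syslog-ng or Elasticsearch code: a small in-memory model of index-by-`_id` semantics, comparing a literal id with server-generated ids. `ModelIndex`, `ship` and `overwrite_report` are hypothetical names, and the log lines are constructed samples.

```python
# Added illustration: a minimal in-memory model of Elasticsearch's
# index-by-_id semantics (an assumption-labelled model, not real client code).
import uuid


class ModelIndex:
    """Stores documents keyed by _id, the way an index request does."""

    def __init__(self):
        self.docs = {}  # _id -> {"_version": int, "_source": dict}

    def index(self, source, doc_id=None):
        # No _id supplied: a unique one is generated per document.
        if doc_id is None:
            doc_id = uuid.uuid4().hex
        previous = self.docs.get(doc_id)
        version = previous["_version"] + 1 if previous else 1
        # Same _id: the stored document is replaced and _version is bumped.
        self.docs[doc_id] = {"_version": version, "_source": source}
        return doc_id, version


def ship(messages, custom_id=None):
    """Index every message; custom_id mimics a literal custom_id("...")."""
    idx = ModelIndex()
    for msg in messages:
        idx.index({"MESSAGE": msg}, doc_id=custom_id)
    return idx


def overwrite_report(idx, sent):
    """Summarise loss: events sent vs documents kept, plus overwritten ids."""
    overwritten = {i: d["_version"] for i, d in idx.docs.items() if d["_version"] > 1}
    return {"sent": sent, "stored": len(idx.docs),
            "lost": sent - len(idx.docs), "overwritten": overwritten}


# Constructed sample log lines.
SAMPLE = [
    "sshd[811]: Accepted publickey for alice from 192.0.2.10",
    "sudo: alice : TTY=pts/0 ; COMMAND=/usr/bin/systemctl restart httpd",
    "sshd[902]: Failed password for root from 198.51.100.7",
    "kernel: audit: type=1400 avc: denied { read }",
]

if __name__ == "__main__":
    print(overwrite_report(ship(SAMPLE, custom_id="syslog-ng"), len(SAMPLE)))
    print(overwrite_report(ship(SAMPLE), len(SAMPLE)))
```

With the literal id, four events leave one stored document at `_version` 4 holding only the last message; without it, all four are kept.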