[syslog-ng] Error initializing message pipeline;
Scot
scotrn at gmail.com
Wed Jan 18 02:32:59 UTC 2017
Is client-mode("transport") now supported with ES 5.1? I thought it was
only http mode for ES 5.
I got a pipeline error, then switched to http thinking it was the transport
mode. http worked fine.
On Tue, Jan 17, 2017 at 9:58 AM, Fabien Wernli <wernli at in2p3.fr> wrote:
> Hi Damian,
>
> You need to specify the location to your elasticsearch installation, i.e.
> where the .jar files are installed.
> If you're using the official packages from elastic.co, they are most likely
> located here: /usr/share/elasticsearch/lib/
>
> So your config ought to look like the following instead:
>
> source s_syslog { udp(ip(0.0.0.0) port(514)); };
>
> destination d_elastic {
>     elasticsearch2(
>         client-lib-dir("/usr/share/elasticsearch/lib/")
>         index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
>         type("test")
>         cluster("someserver")
>         client-mode("transport")
>         template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")
>         time-zone("UTC")
>     );
> };
>
> Moreover, you might want to set the destination's timezone to UTC too, or
> you'll have surprises in kibana around midnight UTC: time-zone("UTC")