[syslog-ng] Stupid E-S-K Question

Scot scotrn at gmail.com
Wed Jan 25 04:56:44 UTC 2017


*E*lastic, *S*yslog-ng *K*ibana

Upgraded to latest of ES Stack, Kibana 5 and syslog-ng 3.9.1

I had a Kibana dashboard with a bar chart of unique count of systems that
had sent a syslog heartbeat. So I could see any missed heartbeats for any
host in the last 24 hours.

Post upgrade of syslog-ng the host_from, host fields do not seem to come
into ES as usable fields because they are not indexed. So visualizations
"bar charts by unique 'host'" are broken. Has anyone seen this?


                client-mode("http")
                index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
                type("syslog") # Description: The type of the index. For example, type("test")
                template("$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")