[syslog-ng] Stupid E-S-K Question

Scheidler, Balázs balazs.scheidler at balabit.com
Wed Jan 25 06:22:31 UTC 2017


Can you post the format-json output so we can see if the HOST attribute is
there?

Debug mode in syslog-ng should show that. Or alternatively you can use the
same template to write to a throwaway logfile.

On Jan 25, 2017 5:56 AM, "Scot" <scotrn at gmail.com> wrote:

> *E*lastic, *S*yslog-ng *K*ibana
>
> Upgraded to latest of ES Stack, Kibana 5 and syslog-ng 3.9.1
>
> I had a Kibana dashboard with a bar chart of unique count of systems that
> had sent a syslog heartbeat. So I could see any missed heartbeats for any
> host in the last 24 hours.
>
> Post upgrade of syslog-ng, the host_from and host fields do not seem to come
> into ES as usable fields because they are not indexed. So the visualization
> "bar charts by unique 'host'" is broken. Has anyone seen this?
>
>
>                 client-mode("http")
>                 index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
>                 type("syslog") # Description: The type of the index. For example, type("test")
>                 template("$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")
>
>
>
>
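One way to do the comparison suggested above, as an added example that is not from the original thread: write the same format-json template to both the elasticsearch2 destination quoted in the post and a throwaway file, then look in the file for the HOST and HOST_FROM keys that --scope rfc3164 emits. The server(), port() and cluster() values and the source name s_net are placeholders, not taken from the thread.

```conf
# Added example (not from the thread). The template string must be identical
# in both destinations so the file shows exactly what Elasticsearch receives.

# Elasticsearch destination from the quoted config; server()/port()/cluster()
# are placeholders, keep whatever your existing config uses.
destination d_es {
    elasticsearch2(
        client-mode("http")
        server("127.0.0.1") port(9200)
        cluster("elasticsearch")
        index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
        type("syslog")
        template("$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")
    );
};

# Throwaway file with the same template. With --scope rfc3164 every line
# should carry "HOST" and "HOST_FROM"; if they are missing here, the problem
# is in syslog-ng, if they are present, look at the Elasticsearch mapping.
destination d_debug_json {
    file("/var/log/syslog-ng-es-debug.json"
        template("$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")
    );
};

log {
    source(s_net);            # assumed: your existing network source
    destination(d_es);
    destination(d_debug_json);
};
```

Remove d_debug_json again once the check is done, since the file grows as fast as the Elasticsearch index.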