[syslog-ng] Syslog-ng input for beats ?
Scot
scotrn at gmail.com
Fri May 12 10:38:46 UTC 2017
I don't get it, I don't have that in my current ES target for syslog.
destination d_es {
    elasticsearch2(
        disk-buffer(
            # If set to no, the normal disk-buffer will be used. This provides a faster, option
            reliable(no)
            dir("/opt/syslog-ng/buffer")
            disk-buf-size(10485760)
            # number of messages stored in overflow queue
            mem-buf-length(100000)
        )
        client-mode("http")
        index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
        # Description: The type of the index. For example, type("test")
        type("syslog")
        template("$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")
        cluster-url("http://192.168.1.16:9200/")
        # Number of concurrent batches
        concurrent-requests("5")
        # The number of messages in a single batch
        flush_limit("5000")
        skip-cluster-health-check("yes")
        cluster("hal")
        client_lib_dir("/usr/share/elasticsearch/lib")
    );
};
On Fri, May 12, 2017 at 4:32 AM, Fabien Wernli <wernli at in2p3.fr> wrote:
> On Fri, May 12, 2017 at 12:50:16AM -0400, Scot wrote:
> > destination d_es_beats {
> > elasticsearch2(
> > disk-buffer(
> [...]
> > index("winlogbeat-${YEAR}.${MONTH}.${DAY}")
>
> just a sidenote here: don't forget to add time-zone(UTC) to your
> elasticsearch destination, otherwise you'll have surprises in Kibana