[syslog-ng] Syslog-ng input for beats ?
Scot
scotrn at gmail.com
Tue May 16 21:56:07 UTC 2017
Sorry, I wasn't implying that syslog-ng manage and apply the template to
ES.
The template has already been applied to ES.
I was thinking I could use the mappings in the template to match mappings
in syslog-ng.
If I wasn't clear before I'm trying to replicate what logstash writes
directly to ES in syslog-ng so I can use syslog-ng as an aggregator of
syslog and json data.
(beats ) ---> (logstash -TCP json output) ---> (syslog-ng TC input no-parse)
On Tue, May 16, 2017 at 3:38 AM, Fabien Wernli <wernli at in2p3.fr> wrote:
> Hi,
>
> On Mon, May 15, 2017 at 11:45:46PM -0400, Scot wrote:
> > I tried reading the mapping documentation in the Balabit Latest docs but
> > I'm not connecting these dots, sorry.
> >
> > Can I use the templates for creating the ES index as a reference for json
> > mapping in syslog-ng ?
>
> syslog-ng does not manage ES templates.
> You must add those manually using the ES REST interface:
>
> curl -XPOST 0:9200/_template/mytemplate -d@/tmp/mytemplate.json
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170516/605adc40/attachment.html>
More information about the syslog-ng
mailing list