[syslog-ng] 3.11 Multiple elastic destinations.
Scot
scotrn at gmail.com
Wed Sep 13 20:30:26 UTC 2017
Has anyone had success (or failure) using multiple Elasticsearch destinations in syslog-ng?
I want to direct traffic to different indexes based on syslog-ng filters.
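destination d_es {
    elasticsearch2(
        client-mode("http")
        # One index per day; the filter placed in front of this destination decides what lands here.
        index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
        # type() was given twice in the original ("syslog" and then "test"). Only one value can
        # take effect, so keep the one your queries expect -- "syslog" is kept here.
        type("syslog")
        # Keep the template on a single line; the original was wrapped inside the quoted string.
        template("$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")
        # Plain HTTP: message content and index names cross the wire unencrypted and without
        # authentication. Fine on a loopback or private link; use TLS when the cluster is reachable
        # from anywhere else.
        cluster-url("http://elasticsearch:9200/")
        concurrent-requests("5")   # number of concurrent batches in flight
        # Comment kept on one line: in the original it wrapped, leaving a bare "batch" token that
        # the parser would reject. Option names use hyphens consistently; syslog-ng treats
        # "-" and "_" as equivalent, so this does not change behaviour.
        flush-limit("5000")        # messages per batch
        skip-cluster-health-check("yes")
        cluster("clustername")     # required for node/transport client modes; presumably unused for http -- confirm
        client-lib-dir("/usr/share/elasticsearch/lib")
    );
};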
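destination d_es_network {
    elasticsearch2(
        client-mode("http")
        # Separate daily index for network-device logs; selected by the filter in the log path.
        index("network_${YEAR}.${MONTH}.${DAY}")
        # type() was given twice in the original ("syslog" and then "test"). Only one value can
        # take effect, so keep the one your queries expect -- "syslog" is kept here.
        type("syslog")
        # Keep the template on a single line; the original was wrapped inside the quoted string.
        template("$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")
        # Plain HTTP: message content and index names cross the wire unencrypted and without
        # authentication. Fine on a loopback or private link; use TLS when the cluster is reachable
        # from anywhere else.
        cluster-url("http://elasticsearch:9200/")
        concurrent-requests("5")   # number of concurrent batches in flight
        # Comment kept on one line: in the original it wrapped, leaving a bare "batch" token that
        # the parser would reject. Option names use hyphens consistently; syslog-ng treats
        # "-" and "_" as equivalent, so this does not change behaviour.
        flush-limit("5000")        # messages per batch
        skip-cluster-health-check("yes")
        cluster("clustername")     # required for node/transport client modes; presumably unused for http -- confirm
        client-lib-dir("/usr/share/elasticsearch/lib")
    );
};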