[syslog-ng] problem elasticsearch2 creating index per HOST
Abe Lebo
abelebo at zonnet.nl
Tue Feb 6 11:59:09 UTC 2018
LS,
I want to create an Elasticsearch index per host I receive logs from
(also syslog-ng), somehow that fails.
I have a setup that creates an index per day (see below), that works.
I can build a file output per host per day by adding the $HOST to the
filename, that works too (see below).
But if I add $HOST to the index name it no longer creates indices.
Anybody know what's wrong?
Thanks in advance,
Abel
......
destination d_testfile {
    file(
        "/tmp/testlogabel-$HOST$YEAR$MONTH"
        flags(syslog-protocol)
        template("$(format-json @timestamp=$ISODATE --scope nv-pairs)\n")
    );
};
################################################################################
# Elasticsearch destination
################################################################################
destination d_es_per_day {
    elasticsearch2(
        client-lib-dir("/usr/share/elasticsearch/lib/:/usr/lib/syslog-ng/3.13/java-modules/")
        index("test-abel_$YEAR.$MONTH.$DAY")
        type("test")
        cluster-url("http://node01:9400 http://node02:9400 http://node03:9400")
        client-mode("http")
        template("$(format-json @timestamp=$ISODATE --scope nv-pairs)\n")
    );
};
######
# sending logs to ES destination
log {
    source(s_net);
    source(s_src);
    filter(f_abel);
    parser(p_abel);
    destination(d_es_per_day);
    flags(flow-control);
};