[syslog-ng] problem elasticsearch2 creating index per HOST
Abe Lebo
abelebo at zonnet.nl
Thu Feb 8 11:01:05 UTC 2018
ah! that must be it!
I was not aware that upper case characters are not allowed in
elasticsearch index names!
$HOST = B8-27-AB-23-11-26
Thanks a million Fabien.
Op 8-2-2018 om 10:00 schreef Fabien Wernli:
> On Thu, Feb 08, 2018 at 09:42:38AM +0100, Abe Lebo wrote:
>> i have templates, but not one specific for this index patern.
>>
>> i see no errors in the logs, i only see the indices being created if i do
>> not add the $HOST, but only $YEAR.$MONTH.$DAY
>>
>> i'll see if i can set syslog-ng logging to debug
>
> yes, definitely try that: syslog-ng -Fdv
>
> One other thing, what does your $HOST resolve to? There are some
> restrictions in ES index names, perhaps your macro contains upper case or
> other illegal chars?
>
>
More information about the syslog-ng
mailing list