[syslog-ng] Help with ES destination error

Marco Mignone info at marcomignone.com
Wed Jan 31 10:35:36 UTC 2018


Hi Fabien,
I have tried the following:

- emptying all index/docs in ES
- creating the test/test index with the curl in my email
- pointing syslog ES destination to the test/test index

This resulted in the same error again.

I have tried to change the template to just output all nv-pairs and use a completely new index - same error.

Grabbing some packet capture now to see if I can spot anything wrong.

Marco

> On 28 Jan 2018, at 14:19, Fabien Wernli <wernli at in2p3.fr> wrote:
> 
> Hi,
> 
> The reason I asked you to configure syslogng to index to "test" was to make
> sure you are in the same conditions as your curl command.
> You might for instance have a mapping template matching fw-* but not test.
> 
> Please either configure syslogng to index to test, or use the same fw- index
> on the curl cmdline.
> 

