[syslog-ng] Forwarding to Elastic
Balazs Scheidler
bazsi77 at gmail.com
Thu May 28 05:03:10 UTC 2020
You can map it to lower case, but I am a bit surprised that this is
required.
Here's the definition of our elasticsearch-http destination:
https://github.com/syslog-ng/syslog-ng/blob/master/scl/elasticsearch/elastic-http.conf
Note the template() parameter which you can customize to include further
mappings. Right now it only maps @timestamp to be the timestamp of the
message.
On Wed, May 27, 2020, 22:24 Shawn Taylor <staylor8 at ncsu.edu> wrote:
> I am running ES/Kibana 6.8.9-1 and am struggling with this issue.
>
>
> https://discuss.elastic.co/t/message-failed-to-find-message-in-kibana-logs/210522
>
> I have added my index to the *Logs Indices* field in the Logs
> configuration.
>
> When I look at the fields in a document I see a field called MESSAGE, but
> not message.
>
> I do not see a way to add this field in the configuration. Is it possible
> to have this document display in the Logs UI? Can I convert the fields in
> syslog-ng to lowercase before forwarding them to elastic?
>
> Thanks,
>
> Shawn
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
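As an added example (not from this thread and not syslog-ng's own `elastic-http.conf`), here is a complete syslog-ng configuration showing the template() override Balazs refers to. format-json with `--scope rfc5424` emits the macros under their upper-case names (MESSAGE, HOST, PROGRAM, ...), which is why Kibana sees MESSAGE but no message; appending an explicit `message=${MESSAGE}` pair to the format-json call adds the lower-case field without dropping the others. The host, index name and `@version` line are placeholders, and the default template string is reproduced from memory of the linked file, so check it against the version you run.

```conf
@version: 3.27
@include "scl.conf"

# Added example (not from the thread): forward to Elasticsearch while also
# emitting a lower-case "message" field for the Kibana Logs UI.
# Host, index and version line are placeholders for this example.

source s_local {
    system();
    internal();
};

destination d_elastic {
    elasticsearch-http(
        # Bulk endpoint of the cluster (placeholder host)
        url("https://elastic.example.internal:9200/_bulk")
        index("syslog-ng")
        # Mapping type; required on Elasticsearch 6.x, ignored on newer releases
        type("_doc")
        # Default template from elastic-http.conf (reproduced from memory,
        # verify against the linked file) with one extra key=value pair
        # appended: message=${MESSAGE}. The rfc5424 scope keeps the
        # upper-case MESSAGE key, so both spellings end up in the document.
        template("$(format-json --scope rfc5424 --scope dot-nv-pairs --rekey .* --shift 1 --scope nv-pairs --exclude DATE --key ISODATE @timestamp=${ISODATE} message=${MESSAGE})")
    );
};

log {
    source(s_local);
    destination(d_elastic);
};
```

Validate the file with `syslog-ng --syntax-only -f /path/to/syslog-ng.conf` before reloading. The `message=${MESSAGE}` pair is the only change against the default; if you want the upper-case duplicate gone as well, replace the `--scope rfc5424` portion with explicit `key=${MACRO}` pairs for each field you need. Authentication and TLS settings are inherited from the underlying http() destination, so add them there in the same block.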