[syslog-ng] Forwarding to Elastic

Fabien Wernli wernli at in2p3.fr
Thu May 28 11:55:13 UTC 2020


Hi Shawn,

On Thu, May 28, 2020 at 07:48:16AM -0400, Shawn Taylor wrote:
> I can't seem to find this configuration option in Kibana. I see the MESSAGE
> field in the document, but I assume that it's case sensitive and doesn't
> recognize that field?

Yes, fields in Lucene are case-sensitive (it's just JSON).

You could of course change the field name to @message (I believe you need
the @ char too) before sending it to ES. You can do this multiple ways,
either by adding a rewrite rule in your logpath, or by changing the template
in the elasticsearch destination as suggested by Bazsi.
I suggest you read the documentation, or of course we can assist you further
in this list.

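The second option mentioned above, a template on the Elasticsearch destination, as an added configuration example that is not from the original thread or from the syslog-ng project. It uses the elasticsearch-http() destination and format-json's name=value arguments to emit a document whose fields are named @timestamp and @message. The URL, index name and empty type() (required for Elasticsearch 7 and later) are assumptions to adjust for the real cluster.

```syslog-ng
@version: 3.26

source s_local {
    system();
    internal();
};

# Assumed destination: adjust url() and index() for the real cluster.
# format-json builds the document; "@message=${MESSAGE}" adds a field with
# exactly that name, so it no longer depends on the case of MESSAGE.
destination d_elastic {
    elasticsearch-http(
        url("http://localhost:9200/_bulk")
        index("syslog-ng")
        type("")   # must be empty for Elasticsearch 7+
        template("$(format-json --scope rfc5424 --exclude DATE
                                --key ISODATE
                                @timestamp=${ISODATE}
                                @message=${MESSAGE})\n")
    );
};

log {
    source(s_local);
    destination(d_elastic);
};
```

After a reload, check one document in Kibana (or `curl 'http://localhost:9200/syslog-ng/_search?size=1'`) and confirm the key reads `@message` rather than `MESSAGE`; if the index already holds documents with the old field name, the two will coexist until the index is rolled over.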