Hello, I have been running into a bit of an issue with the plugin. I tested it in a dev environment running rsyslogd 7.2.6 and elasticsearch 0.9.0 RC2 on a CentOS 6 server, which I installed using the rpm available. I tried moving this config to our production environment and I have been having issues getting it to work.
In production I'm running elasticsearch 0.2.0 and rsyslogd 7.2.6, which I compiled from source with ----enabled elasticsearch. After I migrated my configuration from Dev (which was working and edited the correct hostname) I see the following errors when I start: rsyslogd -dn

6557.417991000:43ca7940: omelasticsearch: using REST URL: ' http://xxx.xxx.145.6:9200/_bulk?'
6557.418003000:43ca7940: omelasticsearch: do curl_easy_perform()
6557.452590000:43ca7940: omelasticsearch: curl_easy_perform() returned 6
6557.452603000:43ca7940: omelasticsearch: we are suspending ourselfs due to failure 6 of curl_easy_perform()
6557.452610000:43ca7940: omelasticsearch: endTransaction done with -2007
6557.452616000:43ca7940: Action 0xe76e4b0 transitioned to state: rtry
6557.452622000:43ca7940: tryDoAction 0xe76e4b0, pnElem 1, nElem 1
6557.452629000:43ca7940: omelasticsearch: tryResume called
6557.487637000:43ca7940: omelasticsearch: checkConn() curl_easy_perform() failed: couldn't resolve host name

which makes no sense because I can get to that IP on the local host. I'm using the following for the config:

*.* action(bulkmode="off" type="omelasticsearch" template="customSchema" searchIndex="srchidx" dynSearchIndex="on" server="xxx.xxx.145.6")

When I try to use the hostname in the config I get:

1258.920324000:43c8b940: omelasticsearch: checkConn() curl_easy_perform() failed: URL using bad/illegal format or missing URL

URL that it is trying:

1258.894466000:43c8b940: omelasticsearch: using REST URL: 'http://hostname:9200/logs-04-2013/events?'
In my /etc/hosts file I configured my fqdn as part of the 127.0.0.1 IP, and when I reran rsyslog I again got the error:

6557.487637000:43ca7940: omelasticsearch: checkConn() curl_easy_perform() failed: couldn't resolve host name

I also tried installing Elasticsearch .9.0 RC2 in prod to equate all the versions in all software, and I get the following messages:

6293.233809000:45506940: omelasticsearch: using REST URL: ' http://fqhn:9200/logs-04-2013/events?'
6293.233819000:45506940: omelasticsearch: do curl_easy_perform()
6293.233877000:45506940: omelasticsearch: curl_easy_perform() returned 3
6293.233884000:45506940: omelasticsearch: result doAction: 0 (bulkmode 0)
6293.233890000:45506940: Action 0x30ae4b0 transitioned to state: rdy
6293.233896000:45506940: action 0x30ae4b0 call returned 0

But I still do not see any logs being indexed by the elasticsearch cluster. I'm wondering if there is an error in the way I compiled rsyslog; this is the biggest difference from prod. If someone out there would put out an rpm for rsyslog-elasticsearch like the one available in: http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/ I would be tremendously grateful.

Any advice or ideas on what the issue could be?

--Jose H.
www.josehelps.com

