Jerome, I compiled rsyslog version 7.3.10 with omelasticsearch and that seemed to work. To answer your question:
Bulk mode was working when I tested (curled from the local machine), but I also tested it without bulk mode and it was still not functioning. I'm using the exact same configuration as the example: http://wiki.rsyslog.com/index.php/HOWTO:_rsyslog_%2B_elasticsearch --Jose H. www.josehelps.com On Thu, Apr 18, 2013 at 12:02 AM, Jerome Renard <[email protected]>wrote: > Hi Jose, > > On Thu, Apr 18, 2013 at 3:00 AM, Jose Hernandez <[email protected]> > wrote: > > Hello, > > I have been running into a bit of an issue with the plugin, I tested it > in > > a dev environment running rsyslogd 7.2.6 and elasticsearch 0.9.0 RC2 on a > > CentOS 6 server which I installed using the rpm available. I tried moving > > this config to our production environment I have been having issue > getting > > to work. > > > > In production I'm running elasticsearch 0.2.0 and rsyslogd 7.2.6 which I > > compiled from sourced with ----enabled elasticsearch > > > > After I migrated my configuration from Dev (which was working and edited > > the correct hostname) I see the following errors with I start: > > rsyslogd -dn > > > > 6557.417991000:43ca7940: omelasticsearch: using REST URL: ' > > http://xxx.xxx.145.6:9200/_bulk?' > > How can you get "_bulk" in your URL since (according to your > configuration below) bulk mode is off ? > > > 6557.418003000:43ca7940: omelasticsearch: do curl_easy_perform() > > 6557.452590000:43ca7940: omelasticsearch: curl_easy_perform() returned 6 > > Curl error 6 means the host can not be resolved. > > > 6557.452603000:43ca7940: omelasticsearch: we are suspending ourselfs due > to > > failure 6 of curl_easy_perform() > > 6557.452610000:43ca7940: omelasticsearch: endTransaction done with -2007 > > 6557.452616000:43ca7940: Action 0xe76e4b0 transitioned to state: rtry > > 6557.452622000:43ca7940: tryDoAction 0xe76e4b0, pnElem 1, nElem 1 > > 6557.452629000:43ca7940: omelasticsearch: tryResume called > > 6557.487637000:43ca7940: omelasticsearch: checkConn() curl_easy_perform() > > failed: couldn't resolve host name > > > > > > which makes no sense because I can get to that IP on the local host > > I'm using the following for the config: > > > > *.* action(bulkmode="off" type="omelasticsearch" > > template="customSchema" searchIndex="srchidx" dynSearchIndex="on" > > server="xxx.xxx.145.6") > > > > Could you also show your srchidx and customSchema templates ? > > > when I try the to use the hostname in the config I get > > > > 1258.920324000:43c8b940: omelasticsearch: checkConn() curl_easy_perform() > > failed: URL using bad/illegal format or missing URL > > > > URL that is trying: 1258.894466000:43c8b940: omelasticsearch: using REST > > URL: 'http://hostname:9200/logs-04-2013/events?' > > > > In my /etc/hosts file I configured my fqdn as part of the 127.0.0.1 IP > and > > when I reran rsyslog I got again the: > > > > 6557.487637000:43ca7940: omelasticsearch: checkConn() curl_easy_perform() > > failed: couldn't resolve host name > > Error > > > > I also tried installing Elasticsearch .9.0 RC2 in prod to equate all the > > versions in all software and I get the following messages: > > > > 6293.233809000:45506940: omelasticsearch: using REST URL: ' > > http://fqhn:9200/logs-04-2013/events?' > > 6293.233819000:45506940: omelasticsearch: do curl_easy_perform() > > 6293.233877000:45506940: omelasticsearch: curl_easy_perform() returned 3 > > Curl error 3 means the URL is mal formed. > > -- > Jérôme > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
