Re: [rsyslog] rsyslog + elasticsearch help

Mon, 17 Jun 2013 21:51:05 -0700 

Hello,

i would like to know how to format the rsyslog message in the client
programs to get it parsed by json to be entered
in elasticsearch.

My rsyslog.conf has the following entries

template (name="apsimTemplate" type="list" option.json="on") {
constant(value="{") constant(value="\",\"@message\":\"")
property(name="msg") constant(value="\"}") }

*.* action(type="omelasticsearch" template="apsimTemplate" )


and I use syslog with the formatted message as shown here : syslog
(LOG_NOTICE, "{ \"@message\":\"A tree falls in a forest %d\" }", i);

But the entries do not show up in elasticsearch.log

what am I missing?

thanks
Mahesh




On Mon, Jun 17, 2013 at 7:16 PM, Mahesh V <[email protected]>wrote:

> Hello Folks,
>
> if I put the below two lines in rsyslog.conf and run a simple executable
> as shown
> below I do not get any entries in elasticsearch logs.
>
> void main()
> {
>         int i = 0;
>         setlogmask (LOG_UPTO (LOG_NOTICE));
>         openlog ("exampleprog",  LOG_PID | LOG_NDELAY, LOG_DAEMON);
>         perror("openlog");
>         for(i = 0; i < 500000; i++) {
>                 //syslog (LOG_NOTICE, "A tree falls in a forest %d", i);
>                 syslog (LOG_NOTICE, "{ \"@message\":\"A tree falls in a
> forest %d\" }", i);
>                 //usleep(200);
>         }
>         closelog ();
> }
> template (name="apsimTemplate" type="list" option.json="on") {
> constant(value="{") constant(value="\",\"@message\":\"")
> property(name="msg") constant(value="\"}") }
>
> *.* action(type="omelasticsearch" template="apsimTemplate" ) #
> searchIndex="srchidx")
>
>
> whereas if I put the below line in /etc/rsyslog.conf, the lines appear.
> jasonlint validates the line in syslog function.
>
> *.*     /var/log/elasticsearch/elasticsearch.log
> What could be the issue?
> thanks
> Mahesh
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to