Hi,all
I tried the following command and got the same error:
curl -H "Content-Type: text/json" -XPOST 'manager.server:9200/books/es/1' -d
'{"title":"Elasticsearch Server", "publicshed":2013}'
ERROR:
{"error":"Content-Type header [text/json] is not supported","status":406}
I changed the comand to this:
curl -H "Content-Type: application/json" -XPOST
'manager.server:9200/books/es/1' -d '{"title":"Elasticsearch Server",
"publicshed":2013}'
This is right!
So, can anyone tell me how to modify the Content-Type of rsyslog sending
request,Where can I set or modify this parameter?
At 2020-03-27 09:38:36, "来自小七and雨 via rsyslog" <[email protected]>
wrote:
>Thanks David Lang.
>Now I get an error msg:
>{ "request": { "url": "http:\/\/manager.server:9200\/test-index\/test-type",
>"postdata": "{\"message\":\"Unregistered Authentication Agent for
>unix-process:12318:17143977 (system bus name
>:1.345163, object path
>\\\/org\\\/freedesktop\\\/PolicyKit1\\\/AuthenticationAgent, locale
>en_US.UTF-8) (disconnected from
>bus)\",\"fromhost\":\"master\",\"facility\":\"authpriv\",\"priority\
>":\"notice\",\"timereported\":\"2020-03-27T09:33:46.020173+08:00\",\"timegenerated\":\"2020-03-27T09:33:46.020173+08:00\"}"
> },
>"reply": { "error": "Content-Type header [text\/json; charset=utf-8] is not
>supported", "status": 406 } }
>_________________________________________________________________________
>"Content-Type header [text\/json; charset=utf-8] is not supported", "status":
>406
>I used the template of the official document. Is there a problem?
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>At 2020-03-27 09:22:35, "来自小七and雨 via rsyslog" <[email protected]>
>wrote:
>>All Config:
>>——————————————————————————————————
>># rsyslog configuration file
>>
>>
>># For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
>># If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
>>
>>
>>#### MODULES ####
>>
>>
>># The imjournal module bellow is now used as a message source instead of
>>imuxsock.
>>$ModLoad imuxsock # provides support for local system logging (e.g. via
>>logger command)
>>$ModLoad imjournal # provides access to the systemd journal
>>#$ModLoad imklog # reads kernel messages (the same are read from journald)
>>#$ModLoad immark # provides --MARK-- message capability
>>
>>
>># Provides UDP syslog reception
>>$ModLoad imudp
>>$UDPServerRun 514
>>
>>
>># Provides TCP syslog reception
>>$ModLoad imtcp
>>$InputTCPServerRun 514
>>
>>
>>#module(load="imfile") #needs to be done just once
>>module(load="imfile" PollingInterval="1")
>>module(load="omkafka")
>>module(load="omelasticsearch")
>>#### GLOBAL DIRECTIVES ####
>>
>>
>># Where to place auxiliary files
>>$WorkDirectory /var/lib/rsyslog
>>
>>
>># Use default timestamp format
>>#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>>$template myFormat,"%timestamp% %fromhost-ip% %msg%\n"
>>$ActionFileDefaultTemplate myFormat
>>
>>
>>template(name="testTemplate"
>> type="list"
>> option.json="on") {
>> constant(value="{")
>> constant(value="\"timestamp\":\"")
>> property(name="timereported" dateFormat="rfc3339")
>> constant(value="\",\"message\":\"") property(name="msg")
>> constant(value="\",\"host\":\"") property(name="hostname")
>> constant(value="\",\"severity\":\"")
>> property(name="syslogseverity-text")
>> constant(value="\",\"facility\":\"")
>> property(name="syslogfacility-text")
>> constant(value="\",\"syslogtag\":\"") property(name="syslogtag")
>> constant(value="\"}")
>>}
>>
>>
>># File syncing capability is disabled by default. This feature is usually not
>>required,
>># not useful and an extreme performance hit
>>#$ActionFileEnableSync on
>>
>>
>># Include all config files in /etc/rsyslog.d/
>>$IncludeConfig /etc/rsyslog.d/*.conf
>>
>>
>># Turn off message reception via local log socket;
>># local messages are retrieved through imjournal now.
>>$OmitLocalLogging on
>>
>>
>># File to store the position in the journal
>>$IMJournalStateFile imjournal.state
>>
>>
>>
>>
>>#### RULES ####
>>
>>
>># Log all kernel messages to the console.
>># Logging much else clutters up the screen.
>>#kern.* /dev/console
>>
>>
>># Log anything (except mail) of level info or higher.
>># Don't log private authentication messages!
>>*.info;mail.none;authpriv.none;cron.none /var/log/messages
>>
>>
>># The authpriv file has restricted access.
>>authpriv.* /var/log/secure
>>
>>
>># Log all the mail messages in one place.
>>mail.* -/var/log/maillog
>>
>>
>>
>>
>># Log cron stuff
>>cron.* /var/log/cron
>>
>>
>># Everybody gets emergency messages
>>*.emerg :omusrmsg:*
>>
>>
>># Save news errors of level crit and higher in a special file.
>>uucp,news.* /var/log/spooler
>>
>>
>># Save boot messages also to boot.log
>>local7.* /var/log/boot.log
>>
>>
>>
>>
>># ### begin forwarding rule ###
>># The statement between the begin ... end define a SINGLE forwarding
>># rule. They belong together, do NOT split them. If you create multiple
>># forwarding rules, duplicate the whole block!
>># Remote Logging (we use TCP for reliable delivery)
>>#
>># An on-disk queue is created for this action. If the remote host is
>># down, messages are spooled to disk and sent when it is up again.
>>#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
>>#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
>>#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
>>#$ActionQueueType LinkedList # run asynchronously
>>#$ActionResumeRetryCount -1 # infinite retries if host is down
>># remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
>>#*.* @@remote-host:514
>>input(type="imfile" File="/var/log/app.his.log" Tag="user-cmd"
>>Severity="info" Facility="local1")
>>
>>
>>*.info;mail.none;authpriv.none;cron.none @@info.server.com:514
>>
>>
>>
>>
>>local1.info/data/log/testkafka
>>&action(type="omkafka" topic="mytopic" confParam="compression.codec=snappy"
>>broker="manager.server:9092")
>>
>>
>>local1.info action(type="omelasticsearch" server="manager.server:9200"
>>searchIndex="test-index" searchType="test-type")
>>
>>
>>
>>
>>_____________________________________________________________________________________________
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>At 2020-03-27 08:37:07, "来自小七and雨 via rsyslog" <[email protected]>
>>wrote:
>>>
>>>
>>>
>>>sorry,here is config:
>>>__________________________________________________
>>>module(load="omkafka")
>>>module(load="omelasticsearch")
>>>template(name="testTemplate"
>>> type="list"
>>> option.json="on") {
>>> constant(value="{")
>>> constant(value="\"timestamp\":\"")
>>> property(name="timereported" dateFormat="rfc3339")
>>> constant(value="\",\"message\":\"") property(name="msg")
>>> constant(value="\",\"host\":\"") property(name="hostname")
>>> constant(value="\",\"severity\":\"")
>>> property(name="syslogseverity-text")
>>> constant(value="\",\"facility\":\"")
>>> property(name="syslogfacility-text")
>>> constant(value="\",\"syslogtag\":\"") property(name="syslogtag")
>>> constant(value="\"}")
>>> }
>>>
>>>
>>>
>>>local1.info action(type="omelasticsearch" server="manager.server:9200"
>>>searchIndex="test-index" searchType="test-type")
>>>
>>>___________________________________________________________
>>>And, there is no error log。
>>>I tried "rsyslogd -n" startup, but there was no extra information output, no
>>>error was reported, and elasticsearch did not receive the messages. This
>>>confuses me.
>>>
>>>
>>>Also, I used it to forward the message to kafka's message successfully.
>>>
>>>
>>>Any suggestions
>>>thanks
>>>
>>>
>>>
>>>
>>>At 2020-03-27 01:04:38, "John Chivian via rsyslog"
>>><[email protected]> wrote:
>>>>No one can help you unless you provide detail. Start with your exact
>>>>rsyslog configuration, and any examples of error messages.
>>>>
>>>>Regards,
>>>>
>>>>
>>>>On 3/26/20 5:34 AM, 来自小七and雨 via rsyslog wrote:
>>>>> Hi everyone,
>>>>> I tried using rsyslog to send log messages to es, but failed.
>>>>> I checked that the IP and port of es are correct, and I have also
>>>>> confirmed that the es plugins is installed.
>>>>> Checking that No corresponding index/type was created in es..
>>>>> Can anyone help me? Thank you!
>>>>> ______________________________________
>>>>> env :
>>>>> elasticsearch v7.3
>>>>> rsyslog v8.24
>>>>> centos v7.4
>>>>> _______________________________________________
>>>>> rsyslog mailing list
>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>> http://www.rsyslog.com/professional-services/
>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>>>>> DON'T LIKE THAT.
>>>>
>>>>
>>>>_______________________________________________
>>>>rsyslog mailing list
>>>>https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>http://www.rsyslog.com/professional-services/
>>>>What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
>>>>sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
>>>>LIKE THAT.
>>>_______________________________________________
>>>rsyslog mailing list
>>>https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>http://www.rsyslog.com/professional-services/
>>>What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
>>>sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
>>>LIKE THAT.
>>_______________________________________________
>>rsyslog mailing list
>>https://lists.adiscon.net/mailman/listinfo/rsyslog
>>http://www.rsyslog.com/professional-services/
>>What's up with rsyslog? Follow https://twitter.com/rgerhards
>>NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
>>sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
>>LIKE THAT.
>_______________________________________________
>rsyslog mailing list
>https://lists.adiscon.net/mailman/listinfo/rsyslog
>http://www.rsyslog.com/professional-services/
>What's up with rsyslog? Follow https://twitter.com/rgerhards
>NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
>sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
>THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
