h1. rsyslog -> elasticsearch
<pre><code class="perl">
# elasticsearch
# Ship every message rsyslog handles to Elasticsearch over HTTPS, in bulk
# requests, into one index per day (rsyslog-YYYY.MM.DD). The document body
# is built by elastic_msg_template, the index name by elastic_date_template.
module(load="omelasticsearch")

# Index name: "rsyslog-" followed by YYYY.MM.DD taken from the message's own
# timestamp (timereported), i.e. the time written by the sender, not the
# time rsyslog received it.
template(name="elastic_date_template" type="list") {
    constant(value="rsyslog-")
    property(name="timereported" dateformat="year")
    constant(value=".")
    property(name="timereported" dateformat="month")
    constant(value=".")
    property(name="timereported" dateformat="day")
}

# Document body: a flat JSON object with timestamp (RFC 3339), message,
# host, severity, facility, syslogtag, programname and procid.
# option.json="on" JSON-escapes every property value, so a message that
# contains quotes, backslashes or control characters cannot terminate its
# field early or smuggle extra keys into the record.
template(name="elastic_msg_template" type="list" option.json="on") {
    constant(value="{")
    constant(value="\"timestamp\":\"")
    property(name="timereported" dateFormat="rfc3339")
    constant(value="\",\"message\":\"")
    property(name="msg")
    constant(value="\",\"host\":\"")
    property(name="hostname")
    constant(value="\",\"severity\":\"")
    property(name="syslogseverity-text")
    constant(value="\",\"facility\":\"")
    property(name="syslogfacility-text")
    constant(value="\",\"syslogtag\":\"")
    property(name="syslogtag")
    constant(value="\",\"programname\":\"")
    property(name="programname")
    constant(value="\",\"procid\":\"")
    property(name="procid")
    constant(value="\"}")
}

# Output action. Points to Elasticsearch on the local host, authenticates
# with a basic-auth user/password, and uses an in-memory linked-list queue
# of 5000 messages dequeued 300 at a time.
#
# NOTE(review): usehttps="on" is set but no tls.cacert / tls.mycert /
# tls.myprivkey, so the server certificate is presumably validated only
# against the system CA bundle. If Elasticsearch uses a private CA, pin it
# with tls.cacert="<PATH-TO-CA-PEM>" rather than disabling verification.
#
# The password is stored in cleartext in this file: keep the config readable
# by root only, and prefer a dedicated Elasticsearch user that can only
# write to the rsyslog-* indices over the built-in superuser account.
#
# NOTE(review): searchType relies on mapping types, which Elasticsearch 7+
# and 8 no longer accept — confirm the target ES version before keeping it.
#
# action.resumeretrycount="-1" retries forever while ES is unreachable; the
# in-memory queue holds at most 5000 messages in the meantime, so a long
# outage presumably loses messages beyond that — a disk-assisted queue is
# the usual answer if that matters.
#
# NOTE(review): no errorfile= is set, so records that Elasticsearch rejects
# from a bulk request (e.g. mapping conflicts) are dropped without a trace;
# consider errorfile="<PATH-TO-ERROR-FILE>" so rejects can be inspected.
action(
    type="omelasticsearch"
    server="127.0.0.1"
    serverport="9200"
    usehttps="on"
    uid="elastic"
    pwd="mypass1"
    template="elastic_msg_template"
    dynSearchIndex="on"
    searchIndex="elastic_date_template"
    searchType="rsyslog"
    bulkmode="on"
    maxbytes="100m"
    queue.type="linkedlist"
    queue.size="5000"
    queue.dequeuebatchsize="300"
    action.resumeretrycount="-1"
)
</code></pre>