Действия

Rsyslog » История » Редакция 4

« Предыдущее | Редакция 4/9 (Разница(diff)) | Следующее »
Константин Пильник, 2022-11-30 17:15

rsyslog -> elasticsearch¶

# elasticsearch
module(load="omelasticsearch")
template(name="elastic_date_template" type="list") {
    constant(value="rsyslog-")
    property(name="timereported" dateformat="year")
    constant(value=".")
    property(name="timereported" dateformat="month")
    constant(value=".")
    property(name="timereported" dateformat="day")
}

template(name="elastic_msg_template" type="list" option.json="on") {
    constant(value="{")
    constant(value="\"timestamp\":\"")      property(name="timereported" dateFormat="rfc3339")
    constant(value="\",\"message\":\"")     property(name="msg")
    constant(value="\",\"host\":\"")        property(name="hostname")
    constant(value="\",\"severity\":\"")    property(name="syslogseverity-text")
    constant(value="\",\"facility\":\"")    property(name="syslogfacility-text")
    constant(value="\",\"syslogtag\":\"")   property(name="syslogtag")
    constant(value="\",\"programname\":\"") property(name="programname")
    constant(value="\",\"procid\":\"")      property(name="procid")
    constant(value="\"}")
}

action(
    type="omelasticsearch" 
    server="127.0.0.1" 
    serverport="9200" 
    usehttps="off" 
    uid="elastic" 
    pwd="mypass1" 
    template="elastic_msg_template" 
    dynSearchIndex="on" 
    searchIndex="elastic_date_template" 
    searchType="rsyslog" 
    bulkmode="on" 
    maxbytes="100m" 
    queue.type="linkedlist" 
    queue.size="5000" 
    queue.dequeuebatchsize="300" 
    action.resumeretrycount="-1" 
)

Файлы (0)

Обновлено Константин Пильник больше 1 года назад · 4 изменени(я, ий)

Проект

Общее

Профиль

База знаний

Wiki

Rsyslog » История » Редакция 4

rsyslog -> elasticsearch¶