Rsyslog » История » Редакция 4

Редакция 3 (Константин Пильник, 2022-11-30 17:15) → Редакция 4/9 (Константин Пильник, 2022-11-30 17:15)

h1. rsyslog -> elasticsearch 

 <pre><code class="perl"> 
 # elasticsearch 
 module(load="omelasticsearch") 
 template(name="elastic_date_template" type="list") { 
	 constant(value="rsyslog-") 
	 property(name="timereported" dateformat="year") 
	 constant(value=".") 
	 property(name="timereported" dateformat="month") 
	 constant(value=".") 
	 property(name="timereported" dateformat="day") 
 } 

 template(name="elastic_msg_template" type="list" option.json="on") { 
	 constant(value="{") 
	 constant(value="\"timestamp\":\"")        property(name="timereported" dateFormat="rfc3339") 
	 constant(value="\",\"message\":\"")       property(name="msg") 
	 constant(value="\",\"host\":\"")          property(name="hostname") 
	 constant(value="\",\"severity\":\"")      property(name="syslogseverity-text") 
	 constant(value="\",\"facility\":\"")      property(name="syslogfacility-text") 
	 constant(value="\",\"syslogtag\":\"")     property(name="syslogtag") 
	 constant(value="\",\"programname\":\"") property(name="programname") 
	 constant(value="\",\"procid\":\"")        property(name="procid") 
	 constant(value="\"}") 
 } 

 action( 
	 type="omelasticsearch" 
	 server="127.0.0.1" 
	 serverport="9200" 
	 usehttps="off" usehttps="on" 
	 uid="elastic" 
	 pwd="mypass1" 
	 template="elastic_msg_template" 
	 dynSearchIndex="on" 
	 searchIndex="elastic_date_template" 
	 searchType="rsyslog" 
	 bulkmode="on" 
	 maxbytes="100m" 
	 queue.type="linkedlist" 
	 queue.size="5000" 
	 queue.dequeuebatchsize="300" 
	 action.resumeretrycount="-1" 
 ) 
 </code></pre>
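Review bot: The action() block sends `uid`/`pwd` to Elasticsearch without saying which CA omelasticsearch should trust, and a certificate served on `server="127.0.0.1"` only verifies if it lists that address as a subject alternative name. The changed line shows both `usehttps="off"` and `usehttps="on"` with no marker for the new side; assuming this revision turns HTTPS on, I would pin the CA with `tls.cacert="/path/to/ca.pem"` (placeholder path) rather than fall back to `allowunsignedcerts="on"` or `skipverifyhost="on"` when verification fails. Because the password is inline, the file holding this action should be readable by root only, and if `mypass1` is a real credential rather than a sample it should be rotated, since wiki history keeps it. An `errorfile="/path/to/omelasticsearch-errors.log"` (placeholder path) would also help, because in bulk mode it gives records rejected by Elasticsearch a place to be written and reviewed.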