[rsyslog] Can't make omelasticsearch work

Radu Gheorghe radu0gheorghe at gmail.com
Fri Feb 10 08:13:58 CET 2012


I've posted the same question on the forum here:

But I didn't get any answer so far. The idea is that I can't get the
Elasticsearch output module to work. I have this in the conf:
$ModLoad omelasticsearch.so
$template precise,"%syslogseverity% %timereported:1:19:date-rfc3339% %HOSTNAME% %syslogtag% %msg%\n"

And I get this in the debug log (and in Elasticsearch's log):
omelasticsearch result: {"error":"ElasticSearchParseException[Failed to
derive xcontent from (offset=0, length=159):

I'm very interested in the discussions about rsyslog and Elasticsearch,
though I don't want to pollute those threads with this question.

Can anyone, please, help?

Right now I'm using a Python script with omprog, which has a number of
problems. To name only a few:
- it's slow. For example, I have to parse the rsyslog output in order to
insert the stuff into Elasticsearch
- I have to reimplement a lot of functionality that is already in rsyslog.
For example, queueing

Best regards,

