[rsyslog] Can't make omelasticsearch work

Radu Gheorghe radu0gheorghe at gmail.com
Fri Feb 10 08:13:58 CET 2012


Hi,

I've posted the same question on the forum here:
http://kb.monitorware.com/can-install-elasticsearch-output-module-t11309.html#p21855

But I didn't get any answer so far. The idea is that I can't get the
Elasticsearch output module to work. I have this in the conf:
------------------
$ModLoad omelasticsearch.so
$template precise,"%syslogseverity% %timereported:1:19:date-rfc3339% %HOSTNAME% %syslogtag% %msg%\n"
*.* -/var/log/messages;precise
*.* :omelasticsearch:;precise
------------------

And I get this in the debug log (and in Elasticsearch's log):
------------------
omelasticsearch result: {"error":"ElasticSearchParseException[Failed to
derive xcontent from (offset=0, length=159):
------------------

I'm very interested in the discussions about rsyslog and Elasticsearch,
though I don't want to pollute those threads with this question.

Can anyone, please, help?

Right now I'm using a Python script with omprog, which has a number of
problems. To name only a few:
- it's slow. For example, I have to parse the rsyslog output in order to
insert the stuff into Elasticsearch
- I have to reimplement a lot of functionality that is already in rsyslog.
For example, queueing

Best regards,
Radu


