[rsyslog-notify] Forum Thread: elasticsearch module error on CentOS 6.5 - (Mode 'post')

[noreply at adiscon.com]

User: aaronc 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24389#p24389

Message: 
----------
I have searched Google and this forum but have not found any
troubleshooting advice. I  hope someone here can point out my error. Thanks
in advance.

Running the elasticsearch plugin per this configuration <!-- m --><a
class="postlink"
href="http://www.rsyslog.com/output-to-elasticsearch-in-logstash-format-kibana-friendly/">http://www.rsyslog.com/output-to-elasti
... -friendly/</a><!-- m --> I get this error: " action 'action 12'
suspended, next retry is Sun Mar 16 15:04:40 2014 [try <!-- m --><a
class="postlink"
href="http://www.rsyslog.com/e/2007">http://www.rsyslog.com/e/2007</a><!--
m --> ]". Looking up error 2007 provided no useful information. No other
errors in the log.

My setup is:
- Fresh CentOS 6.5 install
- Uninstalled rsyslog 5
- yum install of: rsyslog, rsyslog-elasticsearch, rsyslog-mmnormalize (all
versions 7.6.1-2)
- opened inbound TCP ports 9200 and 9300 in iptables
(elasticsearch not installed on this machine since it is running on another
server)

I use the templates from the URL above. The action looks like this:

action(
    type="omelasticsearch"
    server="my.elastic.server.com"
    serverport="9200"
    template="plain-syslog"
    searchIndex="logstash-index"
    dynSearchIndex="on")

Sending the JSON to a file works fine but elasticsearch isn't receiving
anything. I tested with other clients and elasticsearch is receiving those
JSON docs OK. Network path to elasticsearch server also tested. I'm
stumped.

Any ideas appreciated. Thanks.