[rsyslog-notify] Forum Thread: Re: omelasticsearch not sending to logstash,stops local logg - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Thu Sep 18 11:05:23 CEST 2014
User: rgerhards
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24941#p24941
Message:
----------
It sounds like the server or port is not reachable.
Also, I would strongly recommend using a queue for the elasticsearch
action. Otherwise, everthing is run on the main queue, and this means that
when we need to wait for ES, all other rules also need to wait. See this
article for the overall topic:
<!-- m --><a class="postlink"
href="http://www.rsyslog.com/doc/rsyslog_high_database_rate.html">http://www.rsyslog.com/doc/rsyslog_high
... _rate.html</a><!-- m -->
Note that it uses old-style legac config, but the principles still apply.
HTH
Rainer
More information about the rsyslog-notify
mailing list