Here's the RsyslogDecoder bit:
*********************
[RsyslogDecoder]
type = "SandboxDecoder"
filename = "lua_decoders/rsyslog.lua"
[RsyslogDecoder.config]
type = "RSYSLOG_TraditionalFileFormat"
template = '%TIMESTAMP% %HOSTNAME%
%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n'
tz = "America/Chicago"
*********************
I tried changing "type = "RSYSLOG_TraditionalFileFormat"" to "type =
"rsyslog_traditionalfileformat"" but the output remained the same.
-Ali
On Thu, Apr 2, 2015 at 10:46 AM Ali <[email protected]> wrote:
> Hi, all.
>
> I'm getting an error back from ElasticSearchOutput output saying, "Invalid
> index name [RSYSLOG_TraditionalFileFormat-2015.04.02], must be
> lowercase]". What's the right way to handle this?
>
> The events are going from LogstreamerInput -> RsyslogDecoder ->
> ElasticSearchOutput -> ESJsonEncoder .
>
> TIA,
> Ali
>
_______________________________________________
Heka mailing list
[email protected]
https://mail.mozilla.org/listinfo/heka
