2012/2/10 Vlad Grigorescu <[email protected]>

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 2/10/12 1:13 AM, Radu Gheorghe wrote:
> > $template precise,"%syslogseverity% %timereported:1:19:date-rfc3339%
> > %HOSTNAME% %syslogtag% %msg%\n"
> >
> > > :omelasticsearch:;precise
>
> I'm not sure why you're doing this. ElasticSearch expects the messages in
> JSON, and if you don't give omelasticsearch a format, it will default to
> StdJSONFmt. What happens if you remove ';precise'?
>

Hi Vlad,

Sorry for the late reply. Indeed, the template was the problem. So it worked when I removed it.

My intention was to insert only a subset of data into Elasticsearch. I assumed rsyslog will automatically make my template JSON, but now I realize it makes no sense.

So now I know how to do it, the only trouble being escaping quotes. You know, if there are unescaped quotes in the message it ruins the JSON format. But I'll find a way to fix this.

Thanks a lot,
Radu
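Added example, not part of the original thread and not rsyslog code: a small Python model of a hand-written JSON template filled by plain substitution, showing how quotes in a message either invalidate the document or change a field the indexer will store, and how JSON-escaping each value prevents both. The template, the `render` and `parse` helpers, the placeholder names and the sample messages are all constructed for illustration.

```python
import json
import re

# Constructed template: a JSON object holding a subset of syslog fields,
# in the spirit of the "precise" template discussed in the thread.
TEMPLATE = '{"severity":"%sev%","host":"%host%","tag":"%tag%","message":"%msg%"}'


def render(fields, escape):
    """Fill %name% placeholders in one pass.

    escape=False models raw substitution into the template.
    escape=True JSON-escapes each value (quotes, backslashes, control
    characters) before it is placed between the template's quotes.
    """
    def sub(match):
        value = fields[match.group(1)]
        if escape:
            # json.dumps yields a quoted JSON string; drop the outer quotes
            # because the template already supplies them.
            value = json.dumps(value)[1:-1]
        return value

    return re.sub(r"%(\w+)%", sub, TEMPLATE)


def parse(document):
    """Return the parsed object, or None if the text is not valid JSON."""
    try:
        return json.loads(document)
    except ValueError:
        return None


# Constructed sample records.
BASE = {"sev": "6", "host": "web01", "tag": "app[312]:"}
QUOTED = dict(BASE, msg='user "alice" logged in')       # ordinary quotes
CRAFTED = dict(BASE, msg='x","severity":"7')            # closes the string early

if __name__ == "__main__":
    for name, record in (("quoted", QUOTED), ("crafted", CRAFTED)):
        for escape in (False, True):
            doc = render(record, escape)
            print(name, "escaped" if escape else "raw", "->", parse(doc))
```

In rsyslog itself the property replacer's `json` option (for example `%msg:::json%`) performs this escaping inside a template.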

