2014-10-08 13:18 GMT+02:00 SjirBagmeijer <[email protected]>: > I think the biggest issue was that for me it was slightly difficult to > understand all the examples, pretty new to rsyslog so allot of information > to go trough :). > > > > But I think what i had not done was to make a template that included for > example this: > > constant(value="\"@timestamp\":\"") > property(name="timereported" dateFormat="rfc3339") > > > > This is the config I use now and that looks to work so far: > http://pastebin.com/ZC8yVN3f > > Let me re-phrase. I do not know much about ES et al. What I am thinking about is how the current doc could be improved so that the next person does not stumble into the same traps.
Any advise here? Thanks again, Rainer > > > It all shows in Kibana, only thing I cannot resolve still is that it just > dumps it all under the field "message" in Kibana, ideally would be if I can > get it split on different fields so you can make Dashboards and us the > fields. > > > > -----Original Message----- > *From:* "Rainer Gerhards"<[email protected]> > *To:* "SjirBagmeijer"<[email protected]>; "rsyslog-users"< > [email protected]>; > *Cc:* > *Sent:* 2014-10-08 (Wed) 20:10:53 > *Subject:* Re: [rsyslog] json files directly to ES > > > 2014-10-08 13:06 GMT+02:00 SjirBagmeijer <[email protected]>: > > I have everything shipped now without issues! > > > What was the problem and how did you fix it? > > Rainer > > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
