Are there any errors in the logs for the indexing bolt? I would expect the errors are probably at the elastic ingest point, and probably caused by an incorrect elastic template for the CEF data.
Simon > On 22 Jan 2018, at 08:24, Farrukh Naveed Anjum <[email protected]> > wrote: > > Yes its Strom Indexing Bolt that is halting it. Any one working on CEF Parser > (Can Syslog work with it like RSyslog). We are stuck at that point. > > Please see the above error and suggest > > On Mon, Jan 22, 2018 at 1:10 PM, Gaurav Bapat <[email protected] > <mailto:[email protected]>> wrote: > Hi, > > Even I am stuck with the same, and dont know how to solve the issue. > > Looks like this is a parsing error > > On 22 January 2018 at 13:00, Farrukh Naveed Anjum <[email protected] > <mailto:[email protected]>> wrote: > Hi, > > I am trying to Ingest syslog using CEF Parser it is not creating any Elastic > Search Index based on. > > Any suggestion how can I achieve it ? > > > > > -- > With Regards > Farrukh Naveed Anjum > > > > > -- > With Regards > Farrukh Naveed Anjum
