Rsyslog: Beginner issues with directing the logs to Elasticsearch

Created on 28 Dec 2018  路  4Comments  路  Source: rsyslog/rsyslog

Hi, I have recently started trying hands on rsyslog & have no previous experience of working with logs or elasticsearch. Now, I am storing my logs at two places:

  1. *.debug
  2. *.debug action(type="omelasticsearch") [ I have already loaded the omelasticsearch module ]

Now, I can go & see the logs being stored in the local destination file. But how to proceed with elasticsearch? How can I see the logs being stored in elasticsearch?

Also, the rsyslogd -N1 command is showing me no Error. But when I restart, enable & check the status of rsyslog, it then shows me following errors :

"Dec 28 08:53:00 localhost.localdomain rsyslogd[10596]: action 'action-9-omelasticsearch' suspended (module 'omelasticsearch'), retry 0. There should be messages before this one giving the reason for suspension. [v8.40.0 try https://www.rsyslog.com/e/2007 ]

Dec 28 08:53:00 localhost.localdomain rsyslogd[10596]: omelasticsearch: checkConn failed after 1 attempts. [v8.40.0 try https://www.rsyslog.com/e/2007 ]"

question
Source
picture shannider

Most helpful comment

By default it should try on localhost, but I think it's best to be specific. Here's a rather complete for rsyslog -> Elasticsearch: https://sematext.com/blog/recipe-apache-logs-rsyslog-parsing-elasticsearch/

picture radu-gheorghe on 23 Jan 2019
👍2

All 4 comments

I guess there is no elasticsearch server listening on the default port as the error message says it cannot connect.

rgerhards picture rgerhards on 10 Jan 2019

By default it should try on localhost, but I think it's best to be specific. Here's a rather complete for rsyslog -> Elasticsearch: https://sematext.com/blog/recipe-apache-logs-rsyslog-parsing-elasticsearch/

radu-gheorghe picture radu-gheorghe on 23 Jan 2019
👍2

By default it should try on localhost, but I think it's best to be specific. Here's a rather complete for rsyslog -> Elasticsearch: https://sematext.com/blog/recipe-apache-logs-rsyslog-parsing-elasticsearch/

Just a small side note the guide is not entirely perfect there is an issue with elasticsearch not understanding. date format 'RFC 2822' witch is used in the logs. Still figuring out how to get that done. But the rest of the guide is spot on ! just a fyi.

spacecabbie picture spacecabbie on 14 Jan 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock[bot] picture lock[bot] on 22 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

onyxmaster picture onyxmaster  路  7Comments
bbailey1024 picture bbailey1024  路  3Comments
mashayev picture mashayev  路  9Comments
rmunn picture rmunn  路  5Comments
yfliuyanyan picture yfliuyanyan  路  3Comments