>> recently i did some testing. i tried omelasticsearch but i stopped
>> using direct output plugin in the favor of logstash push agent
>>
>> a) i won't connect logserver to the els cluster directly (because of
>> security)
>
> I guess this cannot be solved in any case? You talk about not using direct
> connection because you want it indirect, right?

yes. logserver should log and not do anything else. also i'd like to have a way to push some old data into els cluster, and that can be done with logstash in the same way both with new and old logs (`cat | logstash`). this just fits my need better right now ...

>> a1) there are also issues sigsegv when setting configuration parameters
>> of omelasticsearch
>
> Was that from the recently refactored git branch? I am asking because I have
> completely rewritten the config part and would be very interested in any
> problems encountered. The relevant branch is here:
>
> http://git.adiscon.com/?p=rsyslog.git;a=shortlog;h=refs/heads/master-elasticsearch

no, i used just origin/master 2 months ago

>> b) logstash has better functionality in parsing and mangling data
>> before they are pushed to els
>
> What is missing?

* pushing old logs from disk
* parsing using grok filters
* deleting some parts of the messages

i think all those are related to the way i'd like to use my logs. and it's fine for me not to mix logserver with a search engine ... i know that some many of those could be done with proper templates but ...

b

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/

