Solved using json template (code blindness).
Is there any way to set fields and use them (like @timestamp) but not
indexing them on elastic? (hidden fields)
Just tried with @timestamp, but it's being indexed :(
El 15/12/16 a las 12:32, mosto...@gmail.com escribió:
Hi
At this moment we are frowarding RELP messages to Elasticsearch using
omelasticsearch plugin, but sadly message appears as json instead of
storing each properties. eg: message is { "app": "app1"... instead of
indexed document having a app property.
Should we specify an especial param on rsyslog, a setting on elastic...?
Regards
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
