I installed the omelasticsearch package on a CentOS 8.1 host using the
package manager.
My process generates messages with the @cee: prefix.
When I look at the entries in OpenSearch, the JSON is all embedded inside
a "MESSAGE" field:
"MESSAGE": "@cee: {\"hostname\":\" .....
If I tell the CentOS host to forward the messages over TCP to a more
modern rsyslog on Ubuntu, then it works fine.

myProcess
  -> syslog()
  -> rsyslogd/CentOS 8.1
  -> omelasticsearch
  -> MESSAGE as text

myProcess
  -> syslog()
  -> rsyslogd/CentOS 8.1
  -> TCP
  -> rsyslogd on Ubuntu
  -> omelasticsearch
  -> all the CEE fields appear in index

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog