full configuration please.

David Lang

On Fri, 9 Jul 2021, Daniel Pocock via rsyslog wrote:

Date: Fri, 9 Jul 2021 01:48:07 +0200
From: Daniel Pocock via rsyslog <[email protected]>
To: rsyslog-users <[email protected]>
Cc: Daniel Pocock <[email protected]>
Subject: [rsyslog] RHEL / CentOS 8.1 omelasticsearch JSON issues

I installed the omelasticsearch package on a CentOS 8.1 host using the package manager.

My process generates messages with the @cee: prefix.

When I look at the entries in OpenSearch the JSON is all embedded inside a "MESSAGE" field:

"MESSAGE": "@cee: {\"hostname\":\" .....

If I tell the CentOS host to forward the messages over TCP to a more modern rsyslog on Ubuntu then it is working fine.

myProcess -> syslog() -> rsyslogd/CentOS 8.1 -> omelasticsearch -> MESSAGE as text

myProcess -> syslog() -> rsyslogd/CentOS 8.1 -> TCP -> rsyslogd on Ubuntu -> omelasticsearch -> all the CEE fields appear in index

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

