Re: [rsyslog] RHEL / CentOS 8.1 omelasticsearch JSON issues

Thu, 08 Jul 2021 17:33:16 -0700 

8.32 is quite a bit older than 8.1911 (2-3 years)
Please log a message with the template RSYSLOG_DebugFormat on both so we can see what's different 


I also don't know what the default rsyslog.conf is on every system, so please 
include  that as well.



on 8.1911 you can start rsyslog with the command line option -o /path/to/file 
and that file will then contain the combined config (including ny included 
files)



At this point, I suspect that what is different is where the include is for the 
different distros, one including the file before it writes things to the default 
files and the other after, but  that's a guess without seeing the full configs.


David Lang

On Fri, 9 Jul 2021, Daniel Pocock via rsyslog wrote:


I've used an identical omelasticsearch config on both CentOS and Ubuntu,
see below.  It works on Ubuntu, not on CentOS

Ubuntu package versions:
rsyslog                                8.32.0-1ubuntu4
rsyslog-elasticsearch                  8.32.0-1ubuntu4


CentOS 8.1 package versions:
rsyslog-elasticsearch-8.1911.0-7.el8_4.2.x86_64
rsyslog-relp-8.1911.0-7.el8_4.2.x86_64
rsyslog-gssapi-8.1911.0-7.el8_4.2.x86_64
rsyslog-gnutls-8.1911.0-7.el8_4.2.x86_64
rsyslog-8.1911.0-7.el8_4.2.x86_64



OpenSearch RC1 from 1 June:
https://opensearch.org/downloads.html



CentOS 8.1 host is a fresh install.

/etc/rsyslog.conf is default

/etc/rsyslog.d/reConServer-test.conf:

module(load="mmjsonparse")

*.* :mmjsonparse:

template(name="isJSON" type="list") {
 property(name="$!all-json")
}

module(load="omelasticsearch")
*.* action(type="omelasticsearch"
          template="isJSON"
          server="my-server"
          serverport="9200"
          searchIndex="log"
          uid="admin"
          pwd="my secret")
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.


_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.






















					Reply via email to