Mailing List Archive

Multiple types in elasticsearch output?
Hi,

I basically have two rulesets:

ruleset(name="specific"){
    action(type="omelasticsearch"
        server="10.0.2.25:9200"
        searchindex="logger"
        searchType="SP"
    )
}

ruleset(name="others"){
    action(type="omelasticsearch"
        server="localhost:9200"
        searchindex="logger"
    )
}

and then the condition
if ($msg contains "EXAMPLE") then {
    call specific
}
else {
    call others
}

But the resulting database only contains "events" as type, never "SP".
Do I need to specify possible types beforehand?

In my test I just deleted the index, and then rsyslog created the index by
itself, so I assumed it would also create the type.



--
Sent from: http://rsyslog-users.1305293.n2.nabble.com/
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Multiple types in elasticsearch output?
Ignore the mismatch in IP. Forgot to change it to localhost for the example.
That is not the reason.


