Hello
I work with Elasticsearch 5.2 with the OMELASTICSEARCH RSYSLOG plugin on RH EL 7.3.
The plugin version is: rsyslog-elasticsearch-7.4.7-16
It works well, but the log file elasticsearch_deprecation.log fills every second with:
// Content type detection for rest requests is deprecated. Specify the content type using the [Content-Type] header //
The content of the RSYSLOG configuration file is:
module(load="omelasticsearch") # for outputting to Elasticsearch

# this is for index names to be like: logstash-YYYY.MM.DD
template(name="logstash-index"
         type="list") {
    constant(value="logstash-")
    property(name="timereported" dateFormat="rfc3339" position.from="1" position.to="4")
    constant(value=".")
    property(name="timereported" dateFormat="rfc3339" position.from="6" position.to="7")
    constant(value=".")
    property(name="timereported" dateFormat="rfc3339" position.from="9" position.to="10")
}

# this is for formatting our syslog in JSON with @timestamp
template(name="plain-syslog"
         type="list") {
    constant(value="{")
    constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
    constant(value="\",\"host\":\"") property(name="hostname")
    constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
    constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
    constant(value="\",\"tag\":\"") property(name="syslogtag" format="json")
    constant(value="\",\"message\":\"") property(name="msg" format="json")
    constant(value="\"}")
}

# this is where we actually send the logs to Elasticsearch (localhost:9200 by default)
action(type="omelasticsearch"
       server="localhost"
       serverport="9200"
       template="plain-syslog"
       searchIndex="logstash-index"
       dynSearchIndex="on"
       bulkmode="on" # use the bulk API
       action.resumeretrycount="-1" # retry indefinitely if Logsene/Elasticsearch is unreachable
)
I do not understand, under these conditions, where this message, which slows down the machine, can come from.
Could you help me?
Thank you.
Pierre S.