Rabbotmq to Elasticsearch

ericd · September 30, 2017, 10:30am

I have a problem with transporting filtered logs to Elasticsearch.

This is an overview:
syslog device -> syslog-ng -> rabbitmq -> logstash input (no filters) -> logstash elasticsearch output

Elastic stack is v5.6
In rabbitmq everything seems fine. Inputs ok and logstash getting messages from output queue .
ES client, logstash and rabbimq are on the same virtual server.

input {
  rabbitmq {
  host => '10.10.10.11'
  port => 5672
  vhost => 'logstash'
  user => 'output_user'
  password => 'pass'
  durable => true
  exchange => 'syslog_exchange'
  key => 'key1'
  queue => 'out_logstash_queue'
  type => "rmq"
  subscription_retry_interval_seconds => '5'
  }
}

output {
  if [type] == "rmq" {             #tried and without this IF
     elasticsearch {
     hosts => ["10.10.10.11:9200"]  #tried and with http
     index => "rmq-%{+YYYY.MM.dd}"
    }
  }
}

This output is working for every other input (i removed all other to test just this one).
What i am missing?

warkolm · October 1, 2017, 9:58pm

What happens if you have a stdout in the output, does it show events?

system · October 29, 2017, 9:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.