Dear community,
I would like to use rsyslod-Daemon to send logs to our elasticsearch cluster. As you konw there is an output module for elasticsearch you can use. Prior to that you have to configure it. My question relates to the configuration: Can I say in that module to send to more than one elasticsearch node in a cluster? In my config below I tell rsyslog to send to 1 machine (one node of that cluster), but could I also give a list of nodes hoping rsyslog (in a round robin mode) sends the log to one of the cluster nodes instead of only one?
Thank you for your insights!!!!
# vim /etc/rsyslog.conf
...
module(load="omelasticsearch")
template(name="testTemplate"
type="list"
option.json="on") {
constant(value="{")
constant(value=""timestamp":"") property(name="timereported" dateFormat="rfc3339")
constant(value="","message":"") property(name="msg")
constant(value="","host":"") property(name="hostname")
constant(value="","severity":"") property(name="syslogseverity-text")
constant(value="","facility":"") property(name="syslogfacility-text")
constant(value="","syslogtag":"") property(name="syslogtag")
constant(value=""}")
}
action(type="omelasticsearch"
server="ubuntu64"
serverport="9200"
template="testTemplate"
searchIndex="test-index"
searchType="test-type"
bulkmode="on"
queue.type="linkedlist"
queue.size="5000"
queue.dequeuebatchsize="300"
action.resumeretrycount="-1")
...
