Hi,
I've been working on this issue for hours, and finally it works!
I've updated and rebooted all my Elastic Stack servers; then
the only thing I changed, in the end, was to add an "index" directive in the Elasticsearch output:
input { syslog { port => 5514 } }
filter { }
output {
  elasticsearch {
    hosts => [ "elastic-host:9200" ]
    index => [ "logstash-syslog-%{+yyyy.MM.dd}" ]
  }
}
Now I just need to parse syslog messages more efficiently, but that's another job.