Elasticsearch datastream

Overview

Based on the Elasticsearch datastream destination of AxoSyslog.

Available in Logging operator version 4.9 and later.

Example

apiVersion: logging.banzaicloud.io/v1beta1
kind: SyslogNGOutput
metadata:
  name: elasticsearch-datastream
spec:
  elasticsearch-datastream:
    url: "https://elastic-endpoint:9200/my-data-stream/_bulk"
    user: "username"
    password:
      valueFrom:
        secretKeyRef:
          name: elastic
          key: password

Configuration

ElasticsearchDatastreamOutput

(HTTPOutput, required)

disk_buffer (*DiskBuffer, optional)

This option enables putting outgoing messages into the disk buffer of the destination to avoid message loss in case of a system failure on the destination side. For details, see the Syslog-ng DiskBuffer options.

Default: false

record (string, optional)

Arguments to the $format-json() template function.

Default: "--scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE}"
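
The following is an added example, not part of the original page: it extends the page's own output with a disk buffer and writes the default record arguments out explicitly so each part can be annotated. The resource name and buffer size are assumptions, and the disk_buf_size and reliable keys come from the Logging operator's DiskBuffer options rather than from this page.

```yaml
apiVersion: logging.banzaicloud.io/v1beta1
kind: SyslogNGOutput
metadata:
  name: elasticsearch-datastream-buffered   # hypothetical name
spec:
  elasticsearch-datastream:
    url: "https://elastic-endpoint:9200/my-data-stream/_bulk"
    user: "username"
    # Keep the credential in a Kubernetes Secret instead of inline in the resource.
    password:
      valueFrom:
        secretKeyRef:
          name: elastic
          key: password
    # Buffer outgoing messages on disk so an outage on the Elasticsearch
    # side does not drop log records.
    disk_buffer:
      disk_buf_size: 512000000   # bytes; assumed sizing, adjust to the node's storage
      reliable: true             # use the reliable disk-buffer mode
    # The default arguments to $format-json(), spelled out:
    #   --scope rfc5424            include the RFC 5424 message fields
    #   --exclude DATE             drop the DATE field
    #   --key ISODATE              include the ISODATE field
    #   @timestamp=${ISODATE}      add the @timestamp field that data streams require
    record: "--scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE}"
```

If you override record, keep the @timestamp pair: Elasticsearch rejects documents without it when indexing into a data stream.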