Integrating Syslog-ng with OpenObserve
TLDR dch asked about adding syslog-ng as a source for OpenObserve. Prabhat confirmed it possible, explaining it uses OpenObserve's _bulk API, and provided relevant resources. dch also asked about handling demo and real events in OpenObserve's cloud, which Prabhat explained. Mark mentioned working on an openobserve native syslog-ng destination.
Prabhat
Fri, 30 Jun 2023 09:07:26 UTCsyslog-ng supports sending data to elasticsearch using _bulk API. The same can be used to send data from syslog-ng to OpenObserve
dch
Fri, 30 Jun 2023 09:10:44 UTCthanks - is the API then?
dch
Fri, 30 Jun 2023 09:10:52 UTCand I would need to align syslog-ng format with that?
dch
Fri, 30 Jun 2023 09:11:59 UTClike so,
Prabhat
Fri, 30 Jun 2023 09:24:34 UTCYes.
Prabhat
Fri, 30 Jun 2023 09:24:41 UTCalso
Prabhat
Fri, 30 Jun 2023 09:26:54 UTC
Prabhat
Fri, 30 Jun 2023 09:27:09 UTCthis the_bulk API in OpenObserve
dch
Fri, 30 Jun 2023 09:29:52 UTCok thats an excellent find - zinc was the old product name?
Prabhat
Fri, 30 Jun 2023 09:31:17 UTCyes we built zinc earlier and then built OpenObserve
Prabhat
Fri, 30 Jun 2023 09:31:35 UTC
dch
Fri, 30 Jun 2023 09:32:35 UTCok cool so you kept the external api and what you learned, and moved it to rust + sled. nice.
Prabhat
Fri, 30 Jun 2023 09:34:28 UTCyes. We applied things we learnt with zinc in OpenObserve building it specifically for observability as opposed to a general purpose text search tool.
dch
Fri, 30 Jun 2023 09:47:41 UTCok, that url from syslog-ng team works perfectly.
dch
Fri, 30 Jun 2023 09:47:59 UTCwhat I am not sure on, is how to delete the "Demo Organisation" in my cloud dashboard, and for the events to go into the custom organisation I created
dch
Fri, 30 Jun 2023 09:48:10 UTCbut at least we have events now
dch
Fri, 30 Jun 2023 09:49:10 UTCoh,
dch
Fri, 30 Jun 2023 09:49:19 UTCno these are just "demo" events, not real ones.
Prabhat
Fri, 30 Jun 2023 09:49:33 UTC> what I am not sure on, is how to delete the "Demo Organisation" in my cloud dashboard, and for the events to go into the custom organisation I created Are you using OpenObserve cloud or self hosted ?
Prabhat
Fri, 30 Jun 2023 09:49:57 UTCin cloud its just demo data
Prabhat
Fri, 30 Jun 2023 09:50:23 UTCYou should ingest data in your own org
Prabhat
Fri, 30 Jun 2023 09:50:38 UTCand change org accordingly.
Prabhat
Fri, 30 Jun 2023 09:52:02 UTCI think we should have one more entry for syslog-ng just like filebeat and others
Prabhat
Fri, 30 Jun 2023 09:52:22 UTCyou can copy the details from filebeat for now for syslog-ng
Mark
Fri, 30 Jun 2023 15:25:41 UTCI’m also working on an openobserve native syslog-ng destination; early progress is very promising. Basing it on the (very capable, and OSS) Splunk Connect for Syslog, which does a wonderful job classifying data — which makes querying on openobserve a breeze.
OpenObserve
Indexed 419 threads
OpenObserve is an open-source, petabyte-scale observability platform for the cloud native realm, offering a 10x cost reduction and 140x less storage use compared to competitors like Elasticsearch or Splunk. Built in Rust for exceptional performance, it offers comprehensive features like logs, metrics, traces, dashboards, and more | Knowledge Base powered by Struct.AI
View in App
dch
Fri, 30 Jun 2023 07:51:44 UTCare there plans to support syslog-ng as source?