[Question] how to setup tlog to log to elasticsearch

[haiwu]

The current documentation is not clear to me.

Not going to use sssd, only to use tlog-rec-session.

By default /etc/tlog/tlog-rec-session.conf uses journal. If switching to use file, then the whole logging to elasticsearch from rsyslog would not work.

After switching /etc/tlog/tlog-rec-session.conf to use syslog, I could see /var/log/tlog.log sometimes would have tlog entries, most time it would log NO MATCH every second, if there's no tlog activity. Is this expected?

Also it seems rsyslog auto created an index in elasticsearch, but there's no docs in this index, so apparently it is not working at all. How to get this to work?