On 22.08.2014 08:29, ellyas ellyas wrote: > Did you probably mean values of that fields, but not fields itself? I
Both, I guess. Because a field can only be present with a value in it. (We could argue whether the empty string is a valid value for a GELF facility, but that does not lead anywhere. ;) > have tried to use Syslog UDP input without logstash, and there are also > these 2 fields "facility" = "unknown" and "level" = "Invalid [-1]" > (values are different from GELF). "Version" is gone. That is another topic; BSD Syslog [RFC3164] messages have a facility and a severity level as mandatory metadata. I do not know for sure, but I would expect the syslog input module to look for these and insert default values if they cannot be parsed. This is the typical interoperability problem: every part of the processing chain has different assumptions about the data. -- Martin -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
