Any input on this at all? And the subject should say "field" not "filed"... apologies for the typo.
Cheers, Pete On Wednesday, 24 June 2015 10:45:16 UTC+10, Pete GS wrote: > > Hi all, > > I'm sending my VMware vCenter server logs and Windows event logs into > Graylog using nxlog-ce to send to GELF UDP inputs. > > I'm getting confused as to why the "message" field is truncated compared > with the "full_message". > > At this point I have not tried defining any fields in nxlog for these nor > have I defined any extractors on the inputs. > > What can cause these messages to be truncated? I'm assuming Graylog is > trying to process these into various fields which is leading to the > truncated message but I'm not sure how I can overcome this. > > Here's an example: > > full_message: vpxd2015-06-24T10:36:18.302+10:00 info vpxd[10384] > [Originator@6876 sub=vpxLro > opID=opId-f89b4b1a-bd95-48fa-8193-d7f494ae37b2-3d-5a] [VpxLRO] -- FINISH > task-internal-2506 > > message: vpxd2015-06-24T10:36:18.302+10:00 info vpxd[10384] [Originator@6 > > I am seeing the same behaviour for the Windows events and here's an > example: > > full_message: The system call to get account information completed. > CN=VMM01,CN=Computers,DC=lab,DC=melbourneit,DC=com The call completed in 0 > milliseconds. > > message: The system call to get account information completed. > CN=VMM01 > > Here are the two relevant inputs used in nxlog.conf: > > <Input InEvents> > Module im_msvistalog > EXEC if $ObjectName =~ /\\Nimsoft\\probes\\/ drop(); > </Input> > > <Input VPXD> > Module im_file > File "C:\\ProgramData\\VMware\\VMware > VirtualCenter\\Logs\\vpxd-[0-9]*.log" > SavePos TRUE > ReadFromLast TRUE > Exec $Message = 'vpxd' + $raw_event; > </Input> > > I'm guessing It's probably going to be something as simple as defining > fields in nxlog but I'm not real sure on that and am hoping someone else > has come across this and has a solution or at least some pointers in the > right direction. > > Any help with this would be greatly appreciated! > > Cheers, Pete > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
