Is there something I'm not seeing? Here is sample input. It has been
de-tabbed and zero terminated.
{
"version" : "1.1",
"host" : "LogAnalyzer",
"short_message" : "placehoder",
"full_message" : "2015 Jul 08 10:48:11:058 GMT -4
BW.CLE_Process_Archive CLEInfo [BW-User] CLE Transaction -
cfe35b7d-e08a-400e-8b52-52daeb8295b1 has been been received by CLE Auditing
",
"timestamp" : "1436366891058",
"level" : "LOG_INFO",
"_transaction" : "cfe35b7d-e08a-400e-8b52-52daeb8295b1"
}
On Monday, November 16, 2015 at 2:40:57 PM UTC-5, Jochen Schalanda wrote:
>
> Hi Rin,
>
> the GELF HTTP input only processes valid GELF message, which means that
> you will at least need to include the "version", "host", and "message"
> fields. Please take a look at the GELF specification (including a valid
> example) for details: https://www.graylog.org/resources/gelf/
>
> Cheers,
> Jochen
>
> On Monday, 16 November 2015 19:47:21 UTC+1, Rin Saunders wrote:
>>
>> I have a Graylog instance running with a GELF HTTP input on port 12201.
>> If I send "junk" to the listener, I get "Unrecognized token junk" as
>> expected. If the JSON is well-formed, though such as {"version":"1.1"},
>> nothing is appended to the server current log, and the input statistics
>> show zero records read. Any ideas where to start on this?
>>
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/f4195ffe-41cd-4efd-a816-a4b6cc89d9e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
