Hi Rin,
how exactly are you sending the message to the GELF HTTP input? Did you see
http://docs.graylog.org/en/1.2/pages/sending_data.html#gelf-via-http?
Cheers,
Jochen
On Monday, 16 November 2015 20:44:41 UTC+1, Rin Saunders wrote:
>
> Is there something I'm not seeing? Here is sample input. It has been
> de-tabbed and zero terminated.
>
> {
> "version" : "1.1",
> "host" : "LogAnalyzer",
> "short_message" : "placehoder",
> "full_message" : "2015 Jul 08 10:48:11:058 GMT -4
> BW.CLE_Process_Archive CLEInfo [BW-User] CLE Transaction -
> cfe35b7d-e08a-400e-8b52-52daeb8295b1 has been been received by CLE Auditing
> ",
> "timestamp" : "1436366891058",
> "level" : "LOG_INFO",
> "_transaction" : "cfe35b7d-e08a-400e-8b52-52daeb8295b1"
> }
>
>
> On Monday, November 16, 2015 at 2:40:57 PM UTC-5, Jochen Schalanda wrote:
>>
>> Hi Rin,
>>
>> the GELF HTTP input only processes valid GELF message, which means that
>> you will at least need to include the "version", "host", and "message"
>> fields. Please take a look at the GELF specification (including a valid
>> example) for details: https://www.graylog.org/resources/gelf/
>>
>> Cheers,
>> Jochen
>>
>> On Monday, 16 November 2015 19:47:21 UTC+1, Rin Saunders wrote:
>>>
>>> I have a Graylog instance running with a GELF HTTP input on port 12201.
>>> If I send "junk" to the listener, I get "Unrecognized token junk" as
>>> expected. If the JSON is well-formed, though such as {"version":"1.1"},
>>> nothing is appended to the server current log, and the input statistics
>>> show zero records read. Any ideas where to start on this?
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/14252186-8ebb-4436-af3b-da42d37647d2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
