Thanks. I was reporting millis. The timestamps are now in 10.3 format. Same behavior though:
Server returns 202 after receiving the GELF post Nothing is logged in var/log/graylog/current when this happens. On the admin screen, the input page claims that no records have been received (in the last eight hours). Since a 202 is received, the records are evidently accepted for processing, then something goes wrong after. Do you have any suggestions about how to narrow it down? On Tuesday, November 17, 2015 at 9:36:04 AM UTC-5, Jochen Schalanda wrote: > > Hi Rin, > > the "timestamp" field of your GELF message seems a bit large. Additionally > it must be a decimal number. Please refer to the GELF specification at > https://www.graylog.org/resources/gelf/ for how to build a valid GELF > message. > > > Cheers, > Jochen > > On Monday, 16 November 2015 20:44:41 UTC+1, Rin Saunders wrote: >> >> Is there something I'm not seeing? Here is sample input. It has been >> de-tabbed and zero terminated. >> >> { >> "version" : "1.1", >> "host" : "LogAnalyzer", >> "short_message" : "placehoder", >> "full_message" : "2015 Jul 08 10:48:11:058 GMT -4 >> BW.CLE_Process_Archive CLEInfo [BW-User] CLE Transaction - >> cfe35b7d-e08a-400e-8b52-52daeb8295b1 has been been received by CLE Auditing >> ", >> "timestamp" : "1436366891058", >> "level" : "LOG_INFO", >> "_transaction" : "cfe35b7d-e08a-400e-8b52-52daeb8295b1" >> } >> >> >> On Monday, November 16, 2015 at 2:40:57 PM UTC-5, Jochen Schalanda wrote: >>> >>> Hi Rin, >>> >>> the GELF HTTP input only processes valid GELF message, which means that >>> you will at least need to include the "version", "host", and "message" >>> fields. Please take a look at the GELF specification (including a valid >>> example) for details: https://www.graylog.org/resources/gelf/ >>> >>> Cheers, >>> Jochen >>> >>> On Monday, 16 November 2015 19:47:21 UTC+1, Rin Saunders wrote: >>>> >>>> I have a Graylog instance running with a GELF HTTP input on port 12201. >>>> If I send "junk" to the listener, I get "Unrecognized token junk" as >>>> expected. If the JSON is well-formed, though such as {"version":"1.1"}, >>>> nothing is appended to the server current log, and the input statistics >>>> show zero records read. Any ideas where to start on this? >>>> >>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/d4137d3a-3a3c-42eb-8005-3222a72cd925%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
