I'm running Graylog 1.3.4, and the messages are coming in JSON formatted via a Kafka server.
I was setting up a template to handle some fields that are sent as arrays, but it appears that the array values get joined as a single value by the JSON extractor. When I manually poll the messages out of Kafka they appear to be shipped as proper arrays ( "field1": ["value1","value2"] ) but when I look at them in Elasticsearch after they are indexed I see "field1": "value1, value2". Unless I'm missing something, it looks like the JSON extractor in Graylog is doing this. Is there any way to disable the join and retain the array?
