I am struggling with formatting my platform logs in Graylog. Here is my nxlog.conf:

##########################################
## CONFIG ##
##########################################
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

##########################################
## EXTENSIONS ##
##########################################
<Extension _json>
    Module xm_json
</Extension>

<Extension gelf>
    Module xm_gelf
</Extension>

##########################################
## INPUTS ##
##########################################
<Input eventlog>
    Module im_msvistalog
    Query <QueryList>\
              <Query Id="0">\
                  <Select Path="Application">*</Select>\
                  <Select Path="System">*</Select>\
                  <Select Path="Security">*</Select>\
              </Query>\
          </QueryList>
    Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json();
</Input>

<Input platform>
    Module im_file
    File 'c:\\Logs\\*.log'
    SavePos TRUE
    ReadFromLast TRUE
    PollInterval 1
</Input>

##########################################
## OUTPUTS ##
##########################################
<Output out>
    Module om_udp
    Host XXX.XXX.XXX.XXX
    Port 12201
    OutputType GELF
</Output>

<Route 1>
    Path eventlog, platform => out
</Route>

And here is how it currently appears in Graylog:

<https://lh3.googleusercontent.com/-t4B_e4iMNLY/V5kgUOcXQkI/AAAAAAAAARI/E9WoiaQKTzEqJxgAKOCrvRAI7xXAw5EhgCLcB/s1600/Screenshot%2Bfrom%2B2016-07-27%2B14-57-31.png>

The message is missing most of the actual line found in the log file. While not the exact same entry, it should look like this.

"{"datetime":"2016-07-21T19:45:07.0516700Z","level":"Debug","name":"IEasyNetQLogger","message":"Trying to connect", "requesterIp":"","threadid":"6"}"

With fields like 'level', 'name', 'message', 'requesterIp' and 'threadid'. Instead it truncates the full message as message and pulls 6 down into level.

Can someone help me with the conf file to make this parse correctly?
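
What a correctly parsed entry looks like once it reaches Graylog, as an added example that is not part of the original post and not NXLog's own code: it parses the JSON line quoted above and builds the GELF 1.1 message, where "level" is a numeric syslog severity and the remaining keys become underscore-prefixed additional fields. The level-name mapping, the _level_name field and the host name are assumptions.

```python
import json
from datetime import datetime, timezone

# Assumed mapping from the application's level names to the syslog
# severity numbers that GELF's "level" field carries.
SYSLOG_LEVEL = {"Fatal": 2, "Error": 3, "Warn": 4, "Info": 6, "Debug": 7}

def epoch_seconds(value):
    """'2016-07-21T19:45:07.0516700Z' -> UTC epoch seconds as a float."""
    base, _, frac = value.rstrip("Z").partition(".")
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return dt.timestamp() + (float("0." + frac) if frac else 0.0)

def to_gelf(line, host):
    """Build a GELF 1.1 message from one line of the platform log."""
    line = line.strip()
    gelf = {"version": "1.1", "host": host, "short_message": line}
    try:
        rec = json.loads(line)
    except ValueError:
        return gelf                      # not JSON: ship the raw line, unparsed
    if not isinstance(rec, dict):
        return gelf
    gelf["full_message"] = line          # keep the untruncated original
    gelf["short_message"] = str(rec.pop("message", line))
    if "datetime" in rec:
        gelf["timestamp"] = epoch_seconds(rec.pop("datetime"))
    level_name = rec.pop("level", None)
    if level_name is not None:
        gelf["level"] = SYSLOG_LEVEL.get(level_name, 6)   # default: informational
        gelf["_level_name"] = level_name
    for key, value in rec.items():       # remaining keys become additional fields
        if key != "id":                  # GELF forbids an "_id" additional field
            gelf["_" + key] = value
    return gelf

# Constructed sample: the log line quoted in the post, without the outer quotes.
SAMPLE = ('{"datetime":"2016-07-21T19:45:07.0516700Z","level":"Debug",'
          '"name":"IEasyNetQLogger","message":"Trying to connect", '
          '"requesterIp":"","threadid":"6"}')

if __name__ == "__main__":
    # "platform-host" is a placeholder host name.
    print(json.dumps(to_gelf(SAMPLE, "platform-host"), indent=2))
```

A line that is not valid JSON comes back with only the three mandatory GELF fields, which makes unparsed entries easy to spot in a Graylog search.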
