Hi Alexandre, you could use the JSON extractor in Graylog <http://docs.graylog.org/en/2.0/pages/extractors.html#using-the-json-extractor> to expand the content of the message field into the Graylog message.
But I would recommend using a proper GELF appender for your logging framework in the first place, as described in your other thread on this mailing list: https://groups.google.com/d/msg/graylog2/_3NYtZ5_4q8/75dLZ5xlAwAJ Cheers, Jochen On Thursday, 28 July 2016 16:29:53 UTC+2, Alexandre Verri wrote: > > I would like to know how to create a query for searching the contents of > *message > *field, considering that this field is formatted with JSON. > > Example, suppose the following *message *field content: > > {"@timestamp":"2016-07-28T14:16:28.654+00:00","@version":1,"message":"User > authenticated with > sucess.","logger_name":"br.com.femade.security.TheAuthenticationProvider","thread_name":"http-nio-8080-exec-8","level":"INFO","level_value":20000,"HOSTNAME":"0a10690187a7","req_id":"pYitsD","client_ip":"37.xxx.yyy.179","username":"guest"} > > How to search for messages containing *"level":"INFO"*? > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/2978e29c-f90e-4feb-9cc7-5c72ab1d1241%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
