Hi Alexandre, many Java logging frameworks support setting variables (e. g. for the MDC/ThreadContext) via OS environment variables. This way you could include the container ID, image ID and other interesting information in your log entries:
- https://logging.apache.org/log4j/2.0/manual/lookups.html#EnvironmentLookup - http://logback.qos.ch/manual/configuration.html#variableSubstitution Cheers, Jochen On Thursday, 28 July 2016 20:17:34 UTC+2, Alexandre Verri wrote: > > Hi Jochen, > > your suggestion is the best alternative to have all GELF fields ready > without any parsing/transformation on the server side. The downside is that > it is cumbersome to get the Docker container name using the appender. Using > the Docker GELF driver, it includes the container name automatically (this > is the main driver for me at the moment). > > Thank you for the information about JSON extractor, I'll try it. > > Cheers, > Alexandre > > Em quinta-feira, 28 de julho de 2016 16:13:01 UTC+1, Jochen Schalanda > escreveu: >> >> Hi Alexandre, >> >> you could use the JSON extractor in Graylog >> <http://docs.graylog.org/en/2.0/pages/extractors.html#using-the-json-extractor> >> >> to expand the content of the message field into the Graylog message. >> >> But I would recommend using a proper GELF appender for your logging >> framework in the first place, as described in your other thread on this >> mailing list: >> https://groups.google.com/d/msg/graylog2/_3NYtZ5_4q8/75dLZ5xlAwAJ >> >> Cheers, >> Jochen >> >> On Thursday, 28 July 2016 16:29:53 UTC+2, Alexandre Verri wrote: >>> >>> I would like to know how to create a query for searching the contents of >>> *message >>> *field, considering that this field is formatted with JSON. >>> >>> Example, suppose the following *message *field content: >>> >>> {"@timestamp":"2016-07-28T14:16:28.654+00:00","@version":1,"message":"User >>> authenticated with >>> sucess.","logger_name":"br.com.femade.security.TheAuthenticationProvider","thread_name":"http-nio-8080-exec-8","level":"INFO","level_value":20000,"HOSTNAME":"0a10690187a7","req_id":"pYitsD","client_ip":"37.xxx.yyy.179","username":"guest"} >>> >>> How to search for messages containing *"level":"INFO"*? >>> >> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/3c60de2b-1610-4f3a-a00b-d736935f6b92%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
