Hi Jochen, yes, I am sure the logs are being ingested, because if I just remove the extractor, the messages appear in the same search window.
Please see bellow an example of one received message, without the extractor. <https://lh3.googleusercontent.com/-Av1oEUP01_Q/V5svx9l5FrI/AAAAAAAANpg/60vBKhptqsgPr8KuV5TPOFZUFt7XcR3PwCLcB/s1600/Capture.PNG> If I set this extractor, the message will not appear in the same search window (I am using a broad search window - from yesterday to tomorrow): <https://lh3.googleusercontent.com/-NRnS4oWbwRc/V5swWwcvxnI/AAAAAAAANpk/b222WfhRBMwuMiLiBatzr8ZQhZe_Xe2QgCLcB/s1600/extractor.PNG> Cheers, Alexandre Em sexta-feira, 29 de julho de 2016 08:11:34 UTC+1, Jochen Schalanda escreveu: > > Hi Alexandre, > > are there any error messages in the logs of your Graylog nodes? > > Are you 100% sure that the Java logs are ingested by Graylog? > > Are the timestamps of those Java logs correct or might they be "in the > future" so that a normal search query doesn't include them? > > Cheers, > Jochen > > On Thursday, 28 July 2016 22:33:13 UTC+2, Alexandre Verri wrote: >> >> I have set two extractors for a particular input in Graylog. The *same >> input* receives logs from Apache and from a Java application. The Apache >> log is being parsed using an Grok extractor, and it is working fine. If >> using an extra JSON extractor for the Java application, the messages from >> Java application does not appear in the search panel. >> >> So, in summary: >> >> Apache logs ==> GELF UDP input ==> Grok extractor ==> message parsed, >> showed in search query >> Java logs ==> GELF UDP input ==> JSON extractor ==> *message does >> not appear in search query* >> >> >> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/a5841623-a346-4b16-b581-c1238e02b0dc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
