Heja,

the Syslog inputs - I just use TCP/UDP, but I think they all work the same - extract at least two fields ( application_name and process_id ) automatically. The problem here is that not all messages are that well formed - ESXi, SAN in my case. I haven't found a way to disable that out of the box in Graylog. My current workaround is to extract the fields with an extractor manually, but even there I can't handle all variants. A pipeline to remove the fields doesn't work either, because that would remove those manually extracted fields too.
I filed an enhancement on GitHub ( https://github.com/Graylog2/graylog2-server/issues/2739 ) but that was closed quickly with the "tip" to just use Raw Text Input - which isn't a solution because that input is lacking Syslog fields I need ( level, facility, ... ). I thought about making a plugin with a modified Syslog UDP input, but before that I hope to get some other views. From my point of view, the default Graylog Syslog inputs should have an option to disable those additional fields. Any ideas instead?

Best regards,
Markus
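
The trade-off described in the message above, as an added sketch that is not part of the original post and is not Graylog code: a small parser that decodes level and facility from the syslog PRI value and makes the tag extraction (application_name, process_id) optional. The function name `parse`, the `extract_tag` switch and both sample lines are constructed for illustration.

```python
import re

# Severity names from RFC 5424; list index = numeric level.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# RFC 3164 style "Mmm dd hh:mm:ss host " header.
TS_HOST_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+) ")
# Conventional tag: "name[pid]: " or "name: " directly after the header.
TAG_RE = re.compile(r"^([A-Za-z0-9_./-]{1,32})(?:\[(\d+)\])?: ")

# Constructed sample lines (not captured from real devices).
SAMPLE_OK = "<13>Sep  1 12:00:00 host1 sshd[4242]: Accepted publickey"
SAMPLE_ODD = "<14>Sep  1 12:00:00 san01 WARNING: [controller A] cache battery low"


def parse(raw, extract_tag=True):
    """Return a dict of fields; level/facility come from PRI only."""
    fields = {"message": raw}
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the highest valid PRI
        return fields                   # no usable PRI: keep the raw text
    pri = int(m.group(1))
    fields["facility"] = pri >> 3       # PRI = facility * 8 + level
    fields["level"] = pri & 7
    fields["level_name"] = LEVELS[pri & 7]
    rest = raw[m.end():]
    h = TS_HOST_RE.match(rest)
    if h:
        fields["source"] = h.group(1)
        rest = rest[h.end():]
    fields["message"] = rest
    if extract_tag:                     # the step the post wants to switch off
        t = TAG_RE.match(rest)
        if t:
            fields["application_name"] = t.group(1)
            if t.group(2):
                fields["process_id"] = int(t.group(2))
    return fields


if __name__ == "__main__":
    for line in (SAMPLE_OK, SAMPLE_ODD):
        print(parse(line))
        print(parse(line, extract_tag=False))
```

With tag extraction on, the second sample yields `application_name` "WARNING", which is not a program name; with it off, level and facility are still available and the message body is left untouched for manual extractors.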
