Message format: GELF
Protocol: Reproducible in both protocols tested: HTTP, UDP
Sample message:
{"short_message":"974cf326-536c-48dc-b3c6-b377f544138a", "host":"0.0.0.0",
"timestamp":"1475818355.483", "_messageType":"Response",
"_correlationId":"974cf326-536c-48dc-b3c6-b377f544138a",
"full_message":"LargeMessage", "_testField":"LargeMessage"}
For verbosity, I've replaced large xml-based data with 'LargeMessage'. As
mentioned, I can store a large message using full_message, but not in
_testField. Is there a change I can do to allow "_testField" (or any other
additional field) to hold large messages?
On Tuesday, 11 October 2016 20:16:51 UTC+11, Jochen Schalanda wrote:
>
> Hi,
>
> are there any error messages in the logs of your Graylog or Elasticsearch
> nodes?
>
> Could you attach an example message to demonstrate the issue?
>
> What kind of input are you using in Graylog (GELF UDP, GELF TCP, or
> something else) and what client are you using the send these messages?
>
> Cheers,
> Jochen
>
> On Tuesday, 11 October 2016 05:58:51 UTC+2, [email protected] wrote:
>>
>> Reference: http://docs.graylog.org/en/2.1/pages/gelf.html
>>
>> Data is NOT logged when the value of _[additional field] in the GELF
>> message exceeds some value (somewhere in the region of 40KBs).
>>
>> Is there some configuration I can amend to allow _[additional field] to
>> hold larger data? I've tried updating max_chunk_size without success.
>>
>> Also, I'm aware that full_message can store large messages. Wondering if
>> _[additional field] can be configured to as well. Cheers.
>>
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/d88eaa61-aa4b-42ba-be90-5a4cf3dcd123%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
