This is the complete message above (first one)... It is shortened by my code and ".." appended and then the XML is malformed / autocompleted by elasticsearch (my guess). Configuraiton: There is no transformation for the message processing, all to default.
Am Dienstag, 18. Oktober 2016 12:20:04 UTC+2 schrieb Jochen Schalanda: > > Hi, > > please post the complete message and the configuration of your Graylog > node and the input you're using to ingest these messages. > > Cheers, > Jochen > > On Tuesday, 18 October 2016 11:17:00 UTC+2, 4BRobby wrote: >> >> Hey guys, >> >> Maybe someone has noticed this before. It seems like Elasticsearch (out >> of the box) is applying an XML filter to the fields. >> >> Input-Example for full_message field: >> <?xml version="1.0" encoding="utf-8"?> >> <Nest1> >> <Nest2>Success</Nest2> >> <Nest3>DoSomething</Nest4> >> <Nest4>8</Nest4> >> <Nest5> >> <Nest6>0</Nest6> >> <Nest7> >> <Nest8.. >> >> Result full_message field: >> <?xml version="1.0" encoding="utf-8"?> >> <Nest1> >> <Nest2>Success</Nest2> >> <Nest3>DoSomething</Nest3> >> <Nest4>8</Nest4> >> <Nest5> >> </Nest5> >> </Nest1> >> >> It seems like Elasticsearch is automatically completing the XML >> discarding all tags that cannot be completed. >> In this case an 400kb XML is shortened to 65kb by code and the gets >> completely truncated to the result above. >> >> Is there any way to prevent this by making a special configuration to >> elasticsearch? >> >> Thanks. >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/46a182f0-827c-43de-95af-f12f9e445206%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
