Hi, you need to configure your log collectors accordingly or create some extractors on your Graylog input.
- http://docs.graylog.org/en/2.1/pages/extractors.html - http://docs.graylog.org/en/2.1/pages/pipelines.html Cheers, Jochen On Friday, 21 October 2016 10:41:16 UTC+2, Benbrahim Anass wrote: > > it sends the whole /var/log/messages/ withouth filtering it. for exemple > the event it's created on a windows machine cbv-0025 but obviously it's it > indicate the input source wich is the syslog server. so technically, what i > want to do is filter thoses messages and scale them so as it will show me > the real source . another thing, it's not showing all the search fields. > when i tried GELF input i had alotmore fields than that , so much more > details > > > <https://lh3.googleusercontent.com/-kF-YRBo2RlE/WAnUmEFgARI/AAAAAAAAAdc/tJu5CF9MTk8jkmD5E5qx_Kt2b_1CgmLHgCLcB/s1600/search%2Binfo.png> > > > Le vendredi 21 octobre 2016 10:24:39 UTC+2, Jochen Schalanda a écrit : >> >> Hi, >> >> what does "unscaled logs" mean? >> >> Cheers, >> Jochen >> >> On Friday, 21 October 2016 10:18:56 UTC+2, Benbrahim Anass wrote: >>> >>> Hi everyone, >>> i'm testing Graylog2 with elasticsearch, i've run into this situation >>> where graylog recieve unscaled logs from a distant syslog server. >>> >>> >>> <https://lh3.googleusercontent.com/-QbPUHtxNtjM/WAnPXFpiTVI/AAAAAAAAAdI/6SSRJeQ6izgTfE7PBRSmhqh0efrVsWqsgCLcB/s1600/architecture.png> >>> >>> >>> <https://lh3.googleusercontent.com/-ag2xUP1LKdk/WAnPY5wGSgI/AAAAAAAAAdM/_xcNAFqhvqo5oN-3RRLbPmUTOk9AIE2GwCLcB/s1600/scal.png> >>> Thanks >>> >> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/bd478f22-3f70-4caa-831f-92ed57cf5a5e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
