I went into one of my inputs and added a JSON extractor on full_message.
Without changing anything I click Try and it properly breaks apart the
sample message into many useful fields. I give it a name, save, and then
give it a few minutes. Now no new messages are coming into the input or
streams that use rules to pull in messages. I delete the extractor and in
seconds logging is back to normal. I don't understand why it looks good in
the preview but stops my logs cold when it's applied. Anyone?
Example message: { "date": "2016-10-21T21:06:05.8063946Z", "level": "INFO",
> "name": "xxxxxxxx", "message": "GET:CheckStatus", "threadid": "24",
> "requesterIp": "10.xxx.xxx.xxx", "url": "\/v1\/status\/
> xxxxxxxx-xxxx-43AE-xxxx-CF5003E44594", "method": "GET", "correlationId": "
> 1a5b2f5a-xxxx-4b19-xxxx-970008b4efa7", "userAgent": "Rackspace
> Monitoring\/1.1 (https:\/\/monitoring.api.rackspacecloud.com)" }
click Try and the Extractor preview is:
date
> 2016-10-21T21:06:05.8063946Z
> threadid
> 24
> method
> GET
> level
> INFO
> requesterIp
> 10.xxx.xxx.xxx
> name
> xxxxxxxx
> correlationId
> 1a5b2f5a-xxxx-4b19-xxxx-970008b4efa7
> userAgent
> Rackspace Monitoring/1.1 (https://monitoring.api.rackspacecloud.com)
> message
> GET:CheckStatus
> url
> /v1/status/xxxxxxxx-xxxx-43AE-xxxx-CF5003E44594
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/71f86b81-0846-420b-80d6-8eae1ae6cb01%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
