Hi,
these are syslog messages that get into Graylog by a syslog input.
There is a grok filter %{SYSLOGBASE2} (from the default logstash grok
patterns) which should format the timestamp correctly.
Anyway, we decided to ditch the Splunk output completely, so I don't have
the possibility to do anymore tests.
Thank you,
Frank
On Thursday, January 12, 2017 at 4:51:30 PM UTC+1, Jochen Schalanda wrote:
>
> Hi Frank,
>
> what's the content of your messages? How are you ingesting them?
>
> Cheers,
> Jochen
>
> On Thursday, 12 January 2017 14:37:52 UTC+1, Frank wrote:
>>
>> That's what I expected. I just added a converter to the timestamp field,
>> but that didn't change anything.
>>
>> On Thursday, January 12, 2017 at 2:21:40 PM UTC+1, Jochen Schalanda wrote:
>>>
>>> Hi Frank,
>>>
>>> it looks like the "timestamp" message field in one (or more) of your
>>> messages has the wrong type (String as opposed to being an actual
>>> timestamp).
>>>
>>> This *shouldn't* happen, but maybe rotating indices (System / Indices /
>>> Maintenance) will help.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Thursday, 12 January 2017 11:55:05 UTC+1, Frank wrote:
>>>>
>>>> Hi,
>>>>
>>>> I installed and configured the Splunk output plugin, to forward one
>>>> stream to Splunk directly.
>>>> But when new messages get routed to the stream, the plugin just logs
>>>> this error:
>>>>
>>>> ERROR [OutputBufferProcessor] Error in output [class
>>>> com.graylog.splunk.output.SplunkOutput].
>>>> java.lang.ClassCastException: Cannot cast java.lang.String to
>>>> org.joda.time.DateTime
>>>> at java.lang.Class.cast(Class.java:3369) ~[?:1.8.0_111]
>>>> at org.graylog2.plugin.Message.getFieldAs(Message.java:380)
>>>> ~[graylog.jar:?]
>>>> at org.graylog2.plugin.Message.getTimestamp(Message.java:178)
>>>> ~[graylog.jar:?]
>>>> at com.graylog.splunk.output.senders.TCPSender.send(TCPSender.java:151)
>>>> ~[?:?]
>>>> at com.graylog.splunk.output.SplunkOutput.write(SplunkOutput.java:87)
>>>> ~[?:?]
>>>> at
>>>> org.graylog2.buffers.processors.OutputBufferProcessor$1.run(OutputBufferProcessor.java:189)
>>>>
>>>> [graylog.jar:?]
>>>> at
>>>> com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
>>>>
>>>> [graylog.jar:?]
>>>> at
>>>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>>>> [?:1.8.0_111]
>>>> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>>> [?:1.8.0_111]
>>>> at
>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>
>>>> [?:1.8.0_111]
>>>> at
>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>
>>>> [?:1.8.0_111]
>>>> at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]
>>>>
>>>> Any ideas how to solve this?
>>>>
>>>> Frank
>>>>
>>>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/a5cc500c-7d8e-44df-a1ab-05ec14f3b072%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
