Hi Jan, Thanks for the reply.
Before I share our million different log messages, can we discuss on the basis that a single regex won't capture our messages? We have multiline exceptions, multiline SQL statements, multiline various other types of messages. If NXLog multiline handling is stronger, is there anything I may have missed in terms of NXLog setup? Are there other alternatives (other than decorating our messages) I haven't considered, or obviously missed? Thanks- --ab On Fri, Feb 17, 2017 at 2:49 AM, Jan Doberstein <j...@graylog.com> wrote: > Hej Andy, > > if you want help with the multiline detection of filebeat, we would need > to have some information about your logfile. examples welcome. > > with your question about nxlog the limit for one message is reached - you > would need to configure this limit. But for this the NXLog Community might > be the best place to ask. > > regards > Jan > > On Thursday, February 16, 2017 at 11:16:55 PM UTC+1, Andy Badera wrote: >> >> Hello all- >> >> Windows app server into Graylog 2.1.0. >> >> Like many, we have multiline log messages. There is presently no clearly >> defined syntax around these messages, no end delimiter. >> >> I'm able to flow messages in using filebeat, but I can't capture >> multiline messages properly. I believe per a Graylog blog entry, I need a >> regex that matches the entire message. I don't think this is feasible with >> our widely-varied messages. We do have a well-defined phrase that starts >> every message, but I'm not sure how I would define the end of and capture >> the varied messages. >> >> I've tried NXLog outputting to the system input of GELF TCP. I suspect >> NXLog has better multiline handling, but I can't flow messages reliably >> using NXLog - I get shut down repeatedly by the string size limit error in >> nxlog.log: >> >> 2017-02-16 17:13:06 INFO connecting to 10.100.15.196:12201 >> 2017-02-16 17:13:06 INFO reconnecting in 1 seconds >> 2017-02-16 17:13:06 ERROR oversized string, limit is 1048576 bytes >> >> Is there any way for me to correct this string size limit issue using >> NXLog CE? >> >> Any other alternatives I'm not considering? Anything I'm doing obviously >> wrong, or missed? >> >> Thanks in advance! >> --ab >> >> -- > You received this message because you are subscribed to a topic in the > Google Groups "Graylog Users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/graylog2/hhVs0N5d9tQ/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > graylog2+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/graylog2/84085e67-c94c-4a41-a045-164452b77be7%40googlegroups.com > <https://groups.google.com/d/msgid/graylog2/84085e67-c94c-4a41-a045-164452b77be7%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAAD%3DdiqqeCrJhmuDkEcNXOjwsNUeYOWs7OVzE3hagLLxH8MCLA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
