Hi Mark,
Not experiencing this behavior here.
What is your nxlog config, and are you using a GELF TCP/UDP input?
Is NXlog the latest version? there was a problem with GELF in a earlier
version.
Op zaterdag 30 mei 2015 17:49:06 UTC+2 schreef graylog...@gmail.com:
>
> Hello
>
> I'm having a problem with graylog and nxlog feed
>
> I have a huge archive of windows event logs, I have been trying to import
> these logs into graylog using nxlog and gelf
>
> It all works well, nxlog pickup the logs and imports them but the messages
> are being split in several records rather tha a single one,
>
>
> Example if the event log contains the follow
>
>
> *{"1331892664000, 4624, "Success", "Security",
> "Microsoft-Windows-Security-Auditing", "An account was successfully logged
> on.*
>
> *Subject:*
> * Security ID: S-1-0-0*
> * Account Name: -*
> * Account Domain: -*
> * Logon ID: 0x0*
>
> *Logon Type: 3*
>
>
> *This event is generated when a logon session is created. It is generated
> on the computer that was accessed.*
>
> *Key length indicates the length of the generated session key. This will
> be 0 if no session key was requested." "} *
>
>
> It gets loaded into graylog as:
>
> Record 1: *{"1331892664000, 4624, "Success", "Security",
> "Microsoft-Windows-Security-Auditing", "An account was successfully logged
> on.*
> Record 2: *Subject*
> Record 3*: **Security ID: S-1-0-0*
>
> etc.
> etc
>
>
> I just would like to have all the message stored in one record
>
> Do you have any idea how this could be achieved?
>
> Thanks!
> Mark
>
>
>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
