Hi Jochen, your suggestion is the best alternative to have all GELF fields ready without any parsing/transformation on the server side. The downside is that it is cumbersome to get the Docker container name using the appender. Using the Docker GELF driver, it includes the container name automatically (this is the main driver for me at the moment).
Thank you for the information about JSON extractor, I'll try it. Cheers, Alexandre Em quinta-feira, 28 de julho de 2016 16:13:01 UTC+1, Jochen Schalanda escreveu: > > Hi Alexandre, > > you could use the JSON extractor in Graylog > <http://docs.graylog.org/en/2.0/pages/extractors.html#using-the-json-extractor> > > to expand the content of the message field into the Graylog message. > > But I would recommend using a proper GELF appender for your logging > framework in the first place, as described in your other thread on this > mailing list: > https://groups.google.com/d/msg/graylog2/_3NYtZ5_4q8/75dLZ5xlAwAJ > > Cheers, > Jochen > > On Thursday, 28 July 2016 16:29:53 UTC+2, Alexandre Verri wrote: >> >> I would like to know how to create a query for searching the contents of >> *message >> *field, considering that this field is formatted with JSON. >> >> Example, suppose the following *message *field content: >> >> {"@timestamp":"2016-07-28T14:16:28.654+00:00","@version":1,"message":"User >> authenticated with >> sucess.","logger_name":"br.com.femade.security.TheAuthenticationProvider","thread_name":"http-nio-8080-exec-8","level":"INFO","level_value":20000,"HOSTNAME":"0a10690187a7","req_id":"pYitsD","client_ip":"37.xxx.yyy.179","username":"guest"} >> >> How to search for messages containing *"level":"INFO"*? >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/c9f46c6b-c171-4e69-bff6-812d1600c276%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
