Hi,
these are syslog messages that get into Graylog by a syslog input.
There is a grok filter %{SYSLOGBASE2} (from the default logstash grok
patterns) which should format the timestamp correctly.
Anyway, we decided to ditch the Splunk output completely, so I don't have
the possibility to do anymore tests.
Thank you,
Frank
On Thursday, January 12, 2017 at 4:51:30 PM UTC+1, Jochen Schalanda wrote:
>
> Hi Frank,
>
> what's the content of your messages? How are you ingesting them?
>
> Cheers,
> Jochen
>
> On Thursday, 12 January 2017 14:37:52 UTC+1, Frank wrote:
>>
>> That's what I expected. I just added a converter to the timestamp field,
>> but that didn't change anything.
>>
>> On Thursday, January 12, 2017 at 2:21:40 PM UTC+1, Jochen Schalanda wrote:
>>>
>>> Hi Frank,
>>>
>>> it looks like the "timestamp" message field in one (or more) of your
>>> messages has the wrong type (String as opposed to being an actual
>>> timestamp).
>>>
>>> This *shouldn't* happen, but maybe rotating indices (System / Indices /
>>> Maintenance) will help.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Thursday, 12 January 2017 11:55:05 UTC+1, Frank wrote:
>>>>
>>>> Hi,
>>>>
>>>> I installed and configured the Splunk output plugin, to forward one
>>>> stream to Splunk directly.
>>>> But when new messages get routed to the stream, the plugin just logs
>>>> this error:
>>>>
>>>> ERROR [OutputBufferProcessor] Error in output [class
>>>> com.graylog.splunk.output.SplunkOutput].
>>>> java.lang.ClassCastException: Cannot cast java.lang.String to
>>>> org.joda.time.DateTime
>>>> at java.lang.Class.cast(Class.java:3369) ~[?:1.8.0_111]
>>>> at org.graylog2.plugin.Message.getFieldAs(Message.java:380)
>>>> ~[graylog.jar:?]
>>>> at org.graylog2.plugin.Message.getTimestamp(Message.java:178)
>>>> ~[graylog.jar:?]
>>>> at com.graylog.splunk.output.senders.TCPSender.send(TCPSender.java:151)
>>>> ~[?:?]
>>>> at com.graylog.splunk.output.SplunkOutput.write(SplunkOutput.java:87)
>>>> ~[?:?]
>>>> at
>>>> org.graylog2.buffers.processors.OutputBufferProcessor$1.run(OutputBufferProcessor.java:189)
>>>>
>>>> [graylog.jar:?]
>>>> at
>>>> com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
>>>>
>>>> [graylog.jar:?]
>>>> at
>>>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>>>> [?:1.8.0_111]
>>>> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>>> [?:1.8.0_111]
>>>> at
>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>
>>>> [?:1.8.0_111]
>>>> at
>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>
>>>> [?:1.8.0_111]
>>>> at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]
>>>>
>>>> Any ideas how to solve this?
>>>>
>>>> Frank
>>>>
>>>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/a5cc500c-7d8e-44df-a1ab-05ec14f3b072%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
