Re: [graylog2] Re: Problem generating/loading chunked Gelf message in graylog2
Thanks Bernd, but we want to send logs to graylog2 without modifying the PHP configuration or application.

Could you write a very simple sample of a chunked message for graylog2? (In the official documentation there isn't any sample of a chunked message; personally I think it is not sufficiently explained.)

Thank you again.

Regards
Alberto

On Monday, March 2, 2015 at 1:54:53 PM UTC+1, Bernd Ahlers wrote:
> Hey,
>
> if you want to send GELF messages from your PHP application, you might
> want to look at https://github.com/bzikarsky/gelf-php/.
> This is a ready to use PHP GELF library which also supports chunking.
>
> Hope that helps!
>
> Regards,
> Bernd
>
> On 1 March 2015 at 19:31, Jesús Alberto Vidal Cortés wrote:
> > Can anyone write a detailed sample of a chunked message?
> >
> > Thank you very much
> >
> > On Friday, February 27, 2015 at 6:32:46 PM UTC+1, Jesús Alberto Vidal Cortés wrote:
> >> Hi, I'm trying to process a PHP log with gawk for loading it into graylog2
> >> (I have many really big log lines). I'm not able to send the correct
> >> information to graylog2 input UDP 12200.
> >>
> >> If I want to send the following log entry (it is GELF formatted) to graylog2
> >> using two chunks, how could I do it? What information exactly must each chunk have?
> >>
> >> {\n \"version\": \"1.1\",\n \"host\":\"phcaeproma01\",\n \"short_message\":\"Chunked message\",\n \"timestamp\": 123455134,\n \"level\":1,\n \"_remote_addr\":\"10.1.104.57\",\n \"_idf\":\"987297342\",\n \"_process\":\"Process\",\n \"_uid\":\"9798742.938292\",\n \"_idcert\":\"9386101233\" \n}
> >>
> >> I'm able to load this log line without using chunks (it's a simple sample
> >> log line). I'm trying to send the following two chunks to graylog2:
> >>
> >> 1.
> >> \x1e\x0f000102{\n \"version\": \"1.1\",\n \"host\":\"phcaeproma01\",\n \"short_message\":\"%s\",\n \"timestamp\": %d,\n \"level\":%d,\n \"_remote_addr\":\"%s\",\n \"_idf\":\"%s\",\n \"_process\":\"%s\",\n
> >>
> >> 2.
> >> \x1e\x0f000112\"_uid\":\"%s\",\n \"_idcert\":\"%s\" \n}
> >>
> >> and I obtain the following trace in the graylog2 server log:
> >>
> >> 2015-02-26 16:59:05,389 DEBUG: org.graylog2.plugin.inputs.transports.NettyTransport - More chunks necessary to complete this message
> >> 2015-02-26 16:59:05,390 DEBUG: org.graylog2.inputs.codecs.GelfChunkAggregator - Dumping GELF chunk map [chunks for 1 messages]:
> >> Message <3030303030303031> Chunks:
> >> ID: 3030303030303031Sequence: 49/50 Arri
[graylog2] Re: Problem generating/loading chunked Gelf message in graylog2
Can anyone write a detailed sample of a chunked message?

Thank you very much

On Friday, February 27, 2015 at 6:32:46 PM UTC+1, Jesús Alberto Vidal Cortés wrote:
> Hi, I'm trying to process a PHP log with gawk for loading it into graylog2
> (I have many really big log lines). I'm not able to send the correct
> information to graylog2 input UDP 12200.
>
> If I want to send the following log entry (it is GELF formatted) to graylog2
> using two chunks, how could I do it? What information exactly must each chunk have?
>
> {\n \"version\": \"1.1\",\n \"host\":\"phcaeproma01\",\n \"short_message\":\"Chunked message\",\n \"timestamp\": 123455134,\n \"level\":1,\n \"_remote_addr\":\"10.1.104.57\",\n \"_idf\":\"987297342\",\n \"_process\":\"Process\",\n \"_uid\":\"9798742.938292\",\n \"_idcert\":\"9386101233\" \n}
>
> I'm able to load this log line without using chunks (it's a simple sample
> log line). I'm trying to send the following two chunks to graylog2:
>
> 1.
> *\x1e\x0f000102*{\n \"version\": \"1.1\",\n \"host\":\"phcaeproma01\",\n \"short_message\":\"%s\",\n \"timestamp\": %d,\n \"level\":%d,\n \"_remote_addr\":\"%s\",\n \"_idf\":\"%s\",\n \"_process\":\"%s\",\n
>
> 2.
> *\x1e\x0f000112*\"_uid\":\"%s\",\n \"_idcert\":\"%s\" \n}
>
> and I obtain the following trace in the graylog2 server log:
>
> 2015-02-26 16:59:05,389 DEBUG: org.graylog2.plugin.inputs.transports.NettyTransport - More chunks necessary to complete this message
> 2015-02-26 16:59:05,390 DEBUG: org.graylog2.inputs.codecs.GelfChunkAggregator - Dumping GELF chunk map [chunks for 1 messages]:
> Message <3030303030303031> Chunks:
> ID: 3030303030303031Sequence: 49/50 Arrival: 1424966345389 Data size: 212
>
> 2015-02-26 16:59:05,390 DEBUG: org.graylog2.plugin.inputs.transports.NettyTransport - More chunks necessary to complete this message
>
> What am I doing wrong?
>
> I'm using the following sentences to send the information from the gawk server
> to the graylog2 server:
>
> printf "\x1e\x0f%s%c%c%s","0001",48,50,substr(v_cad,1,200) |& "/inet/udp/0/10.253.114.218/12200";
> printf "\x1e\x0f%s%c%c%s","0001",49,50,substr(v_cad,201) |& "/inet/udp/0/10.253.114.218/12200";
>
> Thank you very much for any help. It's very important to me to be able to
> send a long message in chunks.
[graylog2] Problem generating/loading chunked Gelf message in graylog2
Hi, I'm trying to process a PHP log with gawk for loading it into graylog2 (I have many really big log lines). I'm not able to send the correct information to graylog2 input UDP 12200.

If I want to send the following log entry (it is GELF formatted) to graylog2 using two chunks, how could I do it? What information exactly must each chunk have?

{\n \"version\": \"1.1\",\n \"host\":\"phcaeproma01\",\n \"short_message\":\"Chunked message\",\n \"timestamp\": 123455134,\n \"level\":1,\n \"_remote_addr\":\"10.1.104.57\",\n \"_idf\":\"987297342\",\n \"_process\":\"Process\",\n \"_uid\":\"9798742.938292\",\n \"_idcert\":\"9386101233\" \n}

I'm able to load this log line without using chunks (it's a simple sample log line). I'm trying to send the following two chunks to graylog2:

1.
*\x1e\x0f000102*{\n \"version\": \"1.1\",\n \"host\":\"phcaeproma01\",\n \"short_message\":\"%s\",\n \"timestamp\": %d,\n \"level\":%d,\n \"_remote_addr\":\"%s\",\n \"_idf\":\"%s\",\n \"_process\":\"%s\",\n

2.
*\x1e\x0f000112*\"_uid\":\"%s\",\n \"_idcert\":\"%s\" \n}

and I obtain the following trace in the graylog2 server log:

2015-02-26 16:59:05,389 DEBUG: org.graylog2.plugin.inputs.transports.NettyTransport - More chunks necessary to complete this message
2015-02-26 16:59:05,390 DEBUG: org.graylog2.inputs.codecs.GelfChunkAggregator - Dumping GELF chunk map [chunks for 1 messages]:
Message <3030303030303031> Chunks:
ID: 3030303030303031Sequence: 49/50 Arrival: 1424966345389 Data size: 212

2015-02-26 16:59:05,390 DEBUG: org.graylog2.plugin.inputs.transports.NettyTransport - More chunks necessary to complete this message

What am I doing wrong?

I'm using the following sentences to send the information from the gawk server to the graylog2 server:

printf "\x1e\x0f%s%c%c%s","0001",48,50,substr(v_cad,1,200) |& "/inet/udp/0/10.253.114.218/12200";
printf "\x1e\x0f%s%c%c%s","0001",49,50,substr(v_cad,201) |& "/inet/udp/0/10.253.114.218/12200";

Thank you very much for any help. It's very important to me to be able to send a long message in chunks.
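
The chunk layout this thread asks about, as an added example (not code from the thread or from the Graylog project): each UDP datagram starts with the magic bytes 0x1e 0x0f, then an 8-byte message ID, a 1-byte sequence number counted from 0 and a 1-byte sequence count, all as raw byte values rather than ASCII digits. It also parses a header rebuilt from the server log above, where ASCII '1' and '2' are read as sequence 49 of 50. The function names, the fixed message ID and the JSON encoding of the sample are assumptions of this example.

```python
import json
import os
import struct

GELF_MAGIC = b"\x1e\x0f"   # chunk magic bytes
HEADER_LEN = 12            # 2 magic + 8 message ID + 1 sequence number + 1 sequence count
MAX_CHUNKS = 128           # GELF limit on chunks per message

def make_chunks(payload, chunk_size, message_id=None):
    """Split payload into GELF chunk datagrams, one bytes object per UDP packet."""
    message_id = os.urandom(8) if message_id is None else message_id
    if len(message_id) != 8:
        raise ValueError("message ID must be exactly 8 bytes")
    parts = [payload[i:i + chunk_size] for i in range(0, len(payload), chunk_size)]
    if not 1 <= len(parts) <= MAX_CHUNKS:
        raise ValueError("payload needs %d chunks, allowed 1..%d" % (len(parts), MAX_CHUNKS))
    # Sequence number (from 0) and count are raw byte values, not ASCII digits.
    return [GELF_MAGIC + message_id + struct.pack("BB", seq, len(parts)) + part
            for seq, part in enumerate(parts)]

def parse_chunk(datagram):
    """Return (message_id, sequence_number, sequence_count, data) as a receiver reads it."""
    if len(datagram) < HEADER_LEN or datagram[:2] != GELF_MAGIC:
        raise ValueError("not a GELF chunk")
    seq, count = struct.unpack("BB", datagram[10:12])
    return datagram[2:10], seq, count, datagram[12:]

def reassemble(datagrams):
    """Join the chunks of one message in sequence order; None while chunks are missing."""
    slots, expected = {}, None
    for message_id, seq, count, data in map(parse_chunk, datagrams):
        expected = expected or (message_id, count)
        if (message_id, count) != expected or seq >= count:
            raise ValueError("chunk does not belong to this message")
        slots[seq] = data
    if expected is None or len(slots) < expected[1]:
        return None
    return b"".join(slots[i] for i in range(expected[1]))

# Constructed sample: the GELF document from the post, split into two chunks.
SAMPLE = json.dumps({"version": "1.1", "host": "phcaeproma01",
                     "short_message": "Chunked message", "timestamp": 123455134,
                     "level": 1, "_remote_addr": "10.1.104.57", "_idf": "987297342",
                     "_process": "Process", "_uid": "9798742.938292",
                     "_idcert": "9386101233"}).encode()
CHUNKS = make_chunks(SAMPLE, (len(SAMPLE) + 1) // 2, message_id=b"\x00" * 7 + b"\x01")

# Header rebuilt from the server log above: ID "00000001", then ASCII '1' and '2'.
AS_LOGGED = parse_chunk(GELF_MAGIC + b"00000001" + b"12" + b"{")
```

Each element of `CHUNKS` goes out as its own UDP datagram to the GELF UDP input, and all chunks of a message must arrive within 5 seconds of each other or the server discards them.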