I am struggling with formatting my platform logs in Graylog. Here is my nxlog.conf:

##########################################
## CONFIG ##
##########################################
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

##########################################
## EXTENSIONS ##
##########################################
<Extension _json>
    Module xm_json
</Extension>

<Extension gelf>
    Module xm_gelf
</Extension>

##########################################
## INPUTS ##
##########################################
<Input eventlog>
    Module im_msvistalog
    Query <QueryList>\
            <Query Id="0">\
              <Select Path="Application">*</Select>\
              <Select Path="System">*</Select>\
              <Select Path="Security">*</Select>\
            </Query>\
          </QueryList>
    Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json();
</Input>

<Input platform>
    Module im_file
    File 'c:\\Logs\\*.log'
    SavePos TRUE
    ReadFromLast TRUE
    PollInterval 1
</Input>

##########################################
## OUTPUTS ##
##########################################
<Output out>
    Module om_udp
    Host XXX.XXX.XXX.XXX
    Port 12201
    OutputType GELF
</Output>

<Route 1>
    Path eventlog, platform => out
</Route>

And here is how it currently appears in Graylog:

<https://lh3.googleusercontent.com/-t4B_e4iMNLY/V5kgUOcXQkI/AAAAAAAAARI/E9WoiaQKTzEqJxgAKOCrvRAI7xXAw5EhgCLcB/s1600/Screenshot%2Bfrom%2B2016-07-27%2B14-57-31.png>

The message is missing most of the actual line found in the log file. While not the exact same entry, it should look like this:

"{"datetime":"2016-07-21T19:45:07.0516700Z","level":"Debug","name":"IEasyNetQLogger","message":"Trying to connect", "requesterIp":"","threadid":"6"}"

With fields like 'level', 'name', 'message', 'requesterIp' and 'threadid'. Instead it truncates the full message as message, pulls 6 down into level. Can someone help me with the conf file to make this parse correctly?
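
One way to get the JSON keys into separate fields, as an added example that is not part of the original post: call xm_json's parse_json() on each line read by the platform input, so the keys become NXLog fields before the GELF output serializes the event. It assumes every line in the file is a single JSON object beginning with "{"; the field name log_level is hypothetical, chosen because GELF already defines its own numeric level.

```conf
# Added example, not from the original post.
# Replaces the existing <Input platform> block; the xm_json extension
# already loaded in the EXTENSIONS section provides parse_json().
#
# The Exec statement below does the following for each line read:
#   1. Skips parsing unless the line starts with "{" (assumption: one JSON
#      object per line), so a stray non-JSON line is still forwarded as-is.
#   2. parse_json() turns the keys of $raw_event (datetime, level, name,
#      message, requesterIp, threadid) into NXLog fields.
#   3. Copies the textual level ("Debug") to $log_level and removes $level,
#      a precaution so it does not compete with GELF's own numeric level.
#      The name log_level is an assumption; pick whatever suits your streams.
<Input platform>
    Module        im_file
    File          'c:\\Logs\\*.log'
    SavePos       TRUE
    ReadFromLast  TRUE
    PollInterval  1
    Exec if $raw_event =~ /^\s*\{/ \
         { \
             parse_json(); \
             if defined($level) \
             { \
                 $log_level = $level; \
                 delete($level); \
             } \
         }
</Input>
```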