How to change a field name or its contents after a JSON extractor? What I
would like to do is:
Extract data with JSON Extractor ==> manipulate some fields
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and
node and in the "index_failures" collection in MongoDB.
>
> Cheers,
> Jochen
>
> On Friday, 29 July 2016 12:46:45 UTC+2, Alexandre Verri wrote:
>>
>> I discovered that there is a clash between the field "level" from the
>> original message and th
I need to handle multiple log formats: JSON, Apache and Tomcat format. It
is very easy to handle each of them separately using JSON Extractor and
Grok pattern.
But how to handle all of them in the same input? I have a GELF Input that
receives these 3 types of log formats.
The general format
the behaviour of JSON extractor in this case?
On Thursday, 28 July 2016 21:33:13 UTC+1, Alexandre Verri wrote:
>
> I have set two extractors for a particular input in Graylog. The *same
> input* receives logs from Apache and from a Java application. The Apache
>
a logs are ingested by Graylog?
>
> Are the timestamps of those Java logs correct or might they be "in the
> future" so that a normal search query doesn't include them?
>
> Cheers,
> Jochen
>
> On Thursday, 28 July 2016 22:33:13 UTC+2, Alexandre Verri wrote:
>>
>
I have set two extractors for a particular input in Graylog. The *same
input* receives logs from Apache and from a Java application. The Apache
log is being parsed using a Grok extractor, and it is working fine. If
using an extra JSON extractor for the Java application, the messages from
Java
I have fields like *http_code* and *host*, and I would like to create a
graph showing the total number of *http_code=404* per host, in a certain
amount of time.
How to create this graph in Graylog?
e, as described in your other thread on this
> mailing list:
> https://groups.google.com/d/msg/graylog2/_3NYtZ5_4q8/75dLZ5xlAwAJ
>
> Cheers,
> Jochen
>
> On Thursday, 28 July 2016 16:29:53 UTC+2, Alexandre Verri wrote:
>>
>> I would like to know how to create a que
>
> Hi Alexandre,
>
> logstash-gelf will send the log messages directly to Graylog.
>
> Docker logging is line-based which means that you won't gain anything by
> printing your logs (in whatever format) to standard out.
>
> Cheers,
> Jochen
>
> On Thursday, 28
I would like to know how to create a query for searching the contents of
*message* field, considering that this field is formatted with JSON.
Example, suppose the following *message* field content:
{"@timestamp":"2016-07-28T14:16:28.654+00:00","@version":1,"message":"User
authenticated with
raylog.org/addons?tag=java>.
>
> Personally, I'd recommend logstash-gelf
> <https://marketplace.graylog.org/addons/7ea104bd-519d-4140-a396-ff962314415e>
> .
>
> Cheers,
> Jochen
>
> On Thursday, 28 July 2016 15:32:52 UTC+2, Alexandre Verri wrote:
>>
>&
a application. See
> https://marketplace.graylog.org/addons?tag=java for a list of GELF
> appenders in the Graylog Marketplace.
>
> Cheers,
> Jochen
>
> On Thursday, 28 July 2016 13:47:55 UTC+2, Alexandre Verri wrote:
>>
>> I would like to know how to avoid splitting Java stacktrace
I would like to know how to avoid splitting Java stacktrace messages when using
GELF format.
I have configured a GELF UDP input in Graylog, and am sending messages from
the application using the Docker GELF driver.
The problem is that the messages are split by newline chars contained
in the stacktrace,