Hello
Thanks for info but my case is different (I think!)
If I'm not wrong your configuration for NXLOG is to fetch live eventlogs,
in my case I have a huge archive (5TB) of Windows logs that have been
already exported as text file, so I'm not accessing the live eventlogs on a
Windows system.
Hello
Found the issue as well, only the message is by default exported so I had
to create an extractor to override the default "message" with the full
message
I used the split and index, using {" as splitting characters
Thanks!
Mark
On Sunday, May 31, 2015 at 1:49:07 AM UTC+10, graylog...
Hello
Found the issue, it was the configuration of NXLOG, I had to tell NXLOG
that the input was multiline and the headline/endline were {}, I changed
the nxlog.conf as below:
Module xm_gelf
Module xm_multiline
HeaderLine /^{/
EndLine /^}/
Module
Hello
I'm using the "production" OVA (not the beta) of Graylog
I noticed that when I try to export the results of a search, the message
field is truncated, see example below:
The full message is full_message
*{"1331892651000, 4776, "Success", "Security",
"Microsoft-Windows-Security-Auditin
Hello
I'm having a problem with graylog and nxlog feed
I have a huge archive of Windows event logs, I have been trying to import
these logs into graylog using nxlog and gelf
It all works well, nxlog picks up the logs and imports them but the messages
are being split in several records rather th