[graylog2] Re: Graylog does not show some messages when using two extractors for the same input

2016-07-30 Thread Alexandre Verri
Hi Jochen, thank you for this information. So, how can I rename the field "message.level" to "message.log_level" before using the JSON extractor? Cheers, Alexandre On Friday, 29 July 2016 12:38:26 UTC+1, Jochen Schalanda wrote: > > Hi Alexandre, > > the JSON extractor will happily o

[graylog2] Re: Graylog does not show some messages when using two extractors for the same input

2016-07-29 Thread Jochen Schalanda
Hi Alexandre, the JSON extractor will happily overwrite the existing field and that's probably the problem. If the "level" field is not numeric, Graylog and Elasticsearch will fail to index it. You should find numerous "index failures" in the logs of your Graylog node and in the "index_failure

[graylog2] Re: Graylog does not show some messages when using two extractors for the same input

2016-07-29 Thread Alexandre Verri
I discovered that there is a clash between the field "level" from the original message and the contents of the field "message". What will be the behaviour of JSON ex

[graylog2] Re: Graylog does not show some messages when using two extractors for the same input

2016-07-29 Thread Alexandre Verri
Hi Jochen, yes, I am sure the logs are being ingested, because if I just remove the extractor, the messages appear in the same search window. Please see below an example of one received message, without the extractor.

[graylog2] Re: Graylog does not show some messages when using two extractors for the same input

2016-07-29 Thread Jochen Schalanda
Hi Alexandre, are there any error messages in the logs of your Graylog nodes? Are you 100% sure that the Java logs are ingested by Graylog? Are the timestamps of those Java logs correct or might they be "in the future" so that a normal search query doesn't include them? Cheers, Jochen On Thur