1. Describe your incident:
I am sending a log by curl but cannot see it in Graylog.
2. Describe your environment:
Log sender: Windows 10 19044.1415
Graylog server: Graylog v4.2.3+553fadb
Package Version:
Service logs, configurations, and environment variables:
3. What steps have you already taken to try and solve the problem?
Send the log with the command below and click the "Show received messages" button.
There are some command tips here, including a sample curl to GELF.
On a side note - in your post the quotes are “fancy”; some are “ instead of ", so they don’t copy/paste well for commands. Use the forum tool </> to format commands nicely as above.
EDIT: While poking around on a similar question I came across this quote from @jochen:
"Also be reminded that the regular expression has to match *the complete field content* if the field hasn’t been tokenized/analyzed."
So you could either create a custom mapping to have the entire field analyzed or you can split up the field to its constituent parts in an extractor or pipeline so that you can query relevant information.
As such, it seems that “zoom” doesn’t appear in the $message.message field; otherwise it would be found (Message is an analyzed field).
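The behaviour described in the quote above, as an added example that is not part of the original thread: a small Python model of why a regular expression has to match the complete content of a non-analyzed field but only a single token of an analyzed one. The tokenizer is a simplified approximation of an analyzer, Python's `re` syntax stands in for the search backend's regex syntax, and the sample message and function names are constructed for illustration.

```python
import re

# Constructed sample field value (not taken from the thread).
SAMPLE = "zoom meeting client started by user alice"


def analyze(value):
    """Approximate an analyzed field: lowercase, then split into word tokens."""
    return [tok for tok in re.split(r"[^0-9A-Za-z]+", value.lower()) if tok]


def indexed_terms(value, analyzed):
    """Terms the index holds: one per token if analyzed, else the whole value."""
    return analyze(value) if analyzed else [value]


def regexp_matches(pattern, value, analyzed):
    """A regex query hits only if the pattern matches one COMPLETE indexed term."""
    return any(re.fullmatch(pattern, term) for term in indexed_terms(value, analyzed))


def demo():
    """Run the same patterns against both field types and collect the results."""
    return {
        # Analyzed field: "zoom" is a term of its own, so the bare word matches.
        "analyzed:zoom": regexp_matches(r"zoom", SAMPLE, analyzed=True),
        # Non-analyzed field: the only term is the full string, so it does not.
        "whole:zoom": regexp_matches(r"zoom", SAMPLE, analyzed=False),
        # Wrapping the pattern so it covers the complete field content works.
        "whole:.*zoom.*": regexp_matches(r".*zoom.*", SAMPLE, analyzed=False),
        # The flip side: no single token of an analyzed field contains a space.
        "analyzed:zoom meeting": regexp_matches(r"zoom meeting", SAMPLE, analyzed=True),
    }


if __name__ == "__main__":
    for case, hit in demo().items():
        print(f"{case:24} -> {hit}")
```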