We have a 2-node Graylog cluster (version 2.4.6), and behind this cluster there is an 8-node Elasticsearch cluster (version 5.6.13).
Our situation is that a source (a Windows server sending logs via PowerShell) is sending some messages to Graylog. As we can see from tcpdump, these messages are arriving at Graylog. But we can't see these messages via the GUI search. I think Graylog is parsing them, because when we send a string to a number-mapped field, Graylog throws an error. But when we fix it and send a proper message, Graylog doesn't throw an error and we can't see that message in the stream.
I have checked the Graylog and Elasticsearch logs and I couldn't find any error related to that stream. I will gladly provide any additional information about the cluster if you need it.
What could be the reason for that? Can you help us with this issue?