Custom Logs with Dashboard

Graylog Central (peer support)
1

Hi all,
I installed from OVA a GrayLog v3.3.1.

I created a new input GELF UPD, and I can send the file log from windows.

I created a jason file log like this:
{
parameter1: value
parameter2: value
parameter3: value
}

Now the problem is, when I see the output in GrayLog I see the variuable name and value in a single meaasege: “parameter1: value”.

How can configure it to view like this:
parameter as name and its value as value?

Thanks.

2

he @m.ferrara

if you ingest to GELF, you need to ingest valid GELF messages and the codec will parse the key value pairs out. If that does not happen you need to configure one extractor OR a processing pipeline that parses that.

3

Hi Jan,
thank you so much for your reply.

Could you write me an example please?

Thanks for the support
Marco

4

Have you read this?
https://docs.graylog.org/en/3.3/pages/gelf.html#

5

Hi Karlis,
thanks for the reply.

I’m sorry but I’m very confused.

Is correct my configuration (input as GELF UDP) for my scope?
Or I must configure new/different input in my GrayLog server, to read the JSON custom file?

Thanks for the support.
Marco

6
  1. Your json file doesn’t use correct json syntax:
    correct one will be:
    {
    “parameter1”: “value”,
    “parameter2”: “value”,
    “parameter3”: “value2”
    }
  2. If you want to use Gelf, you can need to follow it’s syntax, so you can send every parameter with _ before parameter, ang graylog automatically parsed:
    { "version": "1.1", "host": "example.org", "short_message": "A short message", "level": 5, "_parameter1": "value", "_parameter2": "value", "_parameter3": "value" }
  3. You have also another option to parse message, if you send correct json, you can use JSON extractor on message field to extract fileds from json
7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.