Defined the facility field as "gelf-java" but Graylog is showing as "filebeat"


(Mohd Arif) #1

I have defined the facility in log4j.xml as gelf-java but in graylog it is showing as “filebeat”.

log4j.xml

<appender name="graylog2_restservices" class="org.graylog2.log.GelfAppender">
		<param name="graylogHost" value="xxxxxxxxxxxxxxxx"/>
		<param name="graylogPort" value="12202"/>
		<param name="originHost" value="xxxxxxxxxxxxxxxxxxxxxx"/>
		<param name="extractStacktrace" value="true"/>
		<param name="addExtendedInformation" value="true"/>
		<param name="facility" value="gelf-java"/>
		<param name="Threshold" value="DEBUG"/>
		<param name="additionalFields" value="{'environment': 'integration', 'application': 'glassfish', 'buildingblock': 'xxxxxxxxxxxx' , 'logtype': 'restservices'}"/>
	</appender>

Please find the attached screenshot…


(Ben van Staveren) #2

That’s probably because you have an actual filebeat process parsing the server.log file and sending it to Graylog over a Beats input - see the file field? When you’re using the GELF appender, that field shouldn’t even be there.

Check your configurations again :wink:


(Mohd Arif) #3

Yes , I could see gelf-java appender showing file field as ? an facility field as “gelf-java”.
I take a look of the configuration it is same as other application that is collecting the logs as “gelf-java”.

I checked the inputs it is using GELF UDP not beats.

I am investing further.
Please let me know if you know a place where i can take a look.


(Mohd Arif) #4

I correct the Log4j.xml.
Now this issue is resolved.