Extract raw source IP from message?

arobert · April 21, 2017, 7:23am

Hi,

I’m trying to debug a problem where the ‘source’ field from a GELF TCP source is being filled in incorrectly. Something is misconfigured on the sending box. Unfortunately I don’t know what that source is, and there does not seem to be any information in graylog about WHERE (which IP) the message was actually received from. I saw in another post that graylog is actually discarding this info if the ‘source’ field is present in the message. Is there any debug info I can get that will show me the IP the message was actually received from, before processing?

thanks,
Adrian

jochen · April 21, 2017, 10:23am

You can find this information in the gl2_remote_ip field.

arobert · April 21, 2017, 12:14pm

Ah ha, OK, well I feel like an idiot now! I was not seeing those gl2_ fields in the UI. Now I found the ‘All fields’ link at the bottom of the Fields panel. Thank you, and sorry for bugging everybody.

Topic		Replies	Views
Can I get source IP from messaged logged via GELF UDP? Graylog Central (peer support) pipeline-rules , debuggingpl	12	2093	May 20, 2021
Parsing syslog messages Graylog Central (peer support)	7	4527	October 18, 2017
Parsing Logs On Graylog Graylog Central (peer support)	8	8307	November 17, 2017
Syslog input without source ip Graylog Central (peer support)	4	5595	February 2, 2018
I dont find src_ip in message body and also how to create separate field for the same? New to Graylog Community? READ-ME FIRST Guides	1	337	March 21, 2023

Extract raw source IP from message?

Related topics