Extract raw source IP from message?



I’m trying to debug a problem where the ‘source’ field from a GELF TCP source is being filled in incorrectly. Something is misconfigured on the sending box. Unfortunately I don’t know what that source is, and there does not seem to be any information in graylog about WHERE (which IP) the message was actually received from. I saw in another post that graylog is actually discarding this info if the ‘source’ field is present in the message. Is there any debug info I can get that will show me the IP the message was actually received from, before processing?


(Jochen) #2

You can find this information in the gl2_remote_ip field.


Ah ha, OK, well I feel like an idiot now! I was not seeing those gl2_ fields in the UI. Now I found the ‘All fields’ link at the bottom of the Fields panel. Thank you, and sorry for bugging everybody.