Extractors not working after installing latest side car agent

Hi Folks,

I am running Graylog 3.1.0+aa5175e on graylog.seacoglobal.com (Oracle Corporation 1.8.0_222 on Linux 3.10.0-957.27.2.el7.x86_64)

I have just updated all my graylog side car collector to latest side car with nxlog.

Now, for some reasons, extractors [regex] have stopped working.

2019-12-16 16_55_26-Start1399×301 14.3 KB

If i load the message in the extractors, and try the extractor, they are able to parse msg just fine. However, it’s not parsing msgs when logs are being sent to graylog.

Appreciate your inputs to resolve this issue.

as a troubleshooting step, i have deleted and recreated the extractors, however no change.

I am seeing the following in the server.log

2019-12-16T09:21:38.751Z WARN  [AbstractTcpTransport] receiveBufferSize (SO_RCVBUF) for input GELFTCPInput{title=ADFS Gelf TCP, type=org.graylog2.inputs.gelf.tcp.GELFTCPIn
put, nodeId=null} (channel [id: 0x4fde65c9, L:/172.17.1.87:5045]) should be 1048576 but is 425984.

However, the input is set to 1048576, not sure why there is warning related to receive buffer size.

Folks, any thoughts on how to fix this issue?

Check your extractor
interface
message format
message’s field
field in extractor

Folks, I managed to resolve the issue. The fix was very trivial, while migrating from older agents to newer one, I some how over looked the port number.

Once, I have fixed the port no. I can now see extractors working. Btw, I still have that TCP Receive buffer warning. I presume i can leave it as it is since i don’t see an impact of it.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.