GELF and nested JSON

czanik · December 14, 2017, 11:22am

Hi,

I was directed here from Twitter (https://twitter.com/PCzanik/status/938797812036390912). Do I see well, that GELF does not have direct support for nested JSON?

The nested parts (_journal and _sudo) are left in JSON format. Of course I can attach an extractor to the fileds one by one but it’s not really practical.

Nested JSON seems to work fine if I create a raw TCP input and add a JSON extractor to it. It finds all fields automagically.

BTW: these are the results of my experiments with the new graylog2() destination and GELF template released with syslog-ng version 3.13 last week.

Peter

czanik · December 14, 2017, 11:47am

I collected my experiences with syslog-ng sending logs to Graylog in a blog:

I’m happy to correct it if there is an automated way of extracting fields from nested JSON in GELF

Peter

jochen · December 14, 2017, 12:55pm

That’s correct.

The only “datatypes” GELF knows of a strings and numbers as defined in the GELF 1.1 specification:
http://docs.graylog.org/en/2.3/pages/gelf.html#gelf-payload-specification

system · December 28, 2017, 12:55pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to send structured logs to GELF? Graylog Central (peer support)	9	10186	April 3, 2018
How to map JSON log fields to GELF and send them to Graylog Graylog Central (peer support)	5	2705	June 2, 2017
How to extract Json field Graylog Central (peer support)	3	4240	March 14, 2019
Nginx GELF sending leading timestamp Graylog Central (peer support) pipeline-rules	3	1541	February 3, 2021
Need to support arbitrary JSON, but Greylog is creating Elasticsearch mappings very strictly Graylog Central (peer support)	1	529	April 29, 2021

GELF and nested JSON

Related topics