I am using GELF TCP Input to upload events into Graylog via a TCP Input.
When due to errors (e.g. JSON syntax errors, such as a missing comma) certain events are not uploaded, how can I find in Graylog what went wrong?
Is it some kind of error log, or error events?
P.S. GELF TCP Input errors did appear as System Events in Graylog 2.5. No more in 3.3.
I assume you're using GL 3.3; if so, I don't have that version in my lab to test this out. Using GELF TCP, correct me if I'm wrong, but is that the enterprise version?
I think this would be GELF TCP OUTPUT? To be honest, the first thing I would look at is the timestamp/time zone on the devices to ensure they're correct. Depending on the device receiving the logs, perhaps tcpdump or Wireshark. As for Graylog 3.3, I'm not sure if it will.
Yes - I am using Graylog 3.3. It is the .ova version, I guess it is the Open and not the Enterprise.
The idea is not to find the error of a specific issue, but to know in general:
If TCP Input fails - for whatever reason - how can I know what is wrong?
@altink, have you looked at the Indexer and Processing errors section of the System\Overview page? If you’re dealing with a GELF input error, you may find something there.
2023-03-03T23:50:27.684+01:00 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
Where can I find the:
“index error log in your web interface for the reason”?
Depending on the version of Graylog, they created an index called Graylog Message Failures which “contains messages that failed to be processed or indexed.” This is connected to a stream called "Processing and Indexing Failures".
EDIT: I believe for your version 3.3.x, not sure if that version has that. But I did find this for ya