Getting unidentified structure log data on fluentd from graylog


(Karunesh Kumar) #1

This is regarding the issue of unidentified structure log data that we are currently receiving from Graylog. Our pipeline is supposed to receive logs from Graylog (via the Graylog GELF output) to fluentd (our content parser). Below are the details:

Example:
Message sent from Graylog (seen on graylog-streams):
{"log":"2018-03-29 10:05:30,587 [] INFO [] Renewed service GATEWAY with instanceId Gateway:e0a6b5d98b3ee904a2d2c8129aaf9f1e and metadata {instanceId={spring.application.name}-{HOST}-${PORT0}, dockerImage=gateway, enableRegisterFilter=false, pub=true}\n","stream":"stdout","time":"2018-03-29T10:05:30.587644422Z"}

Message received at fluentd side:

{"message":"\u0016\u0003\u0003\u0000x\u0001\u0000\u0000t\u0003\u0003Zm4l6ʷu:dRk\u0000\u0000\u0010,+/.
\u0013\u0014\u0000\u0000/\u00005\u0001\u0000\u0000;\u0000"}

However, when we log in to the Graylog host and telnet to fluentd with some sample message, we are able to get proper text logs on the fluentd end.

The above observation hints that when we send logs using host - telnet, they come in normal text format, although when the logs are sent using Graylog to fluentd we are getting logs in an unidentified structure. Unable to understand this scenario. Please let me know if anyone has faced such a use case.

We are dealing with a TCP protocol flow, sending logs from the Graylog output to the fluentd instance @ 3000 port and receiving on port 3000 on fluentd (using the fluentd tcp plugin).
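
The escaped bytes at the start of the message fluentd logged above (`\u0016\u0003\u0003\u0000x\u0001...`) have the layout of a TLS record header followed by a handshake header. The following is an added example, not part of the original thread, that decodes that prefix; it uses only the first 11 bytes shown in the post, and the function names are illustrative.

```python
import json
import struct

# Constructed from the post: the first 11 escaped bytes of the "message"
# field fluentd logged. The remainder is garbled on the page and is unused.
SAMPLE_MESSAGE_JSON = r'"\u0016\u0003\u0003\u0000x\u0001\u0000\u0000t\u0003\u0003"'

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}
VERSIONS = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def message_to_bytes(json_string):
    """Map a JSON string of \\u00XX escapes back to the bytes that were received."""
    text = json.loads(json_string)
    # Code points 0-255 map 1:1 to bytes; anything the logger already
    # replaced with a wider character becomes b"?".
    return text.encode("latin-1", errors="replace")


def classify_tls_prefix(data):
    """Describe a TLS record header at the start of data, or return None."""
    if len(data) < 5:
        return None
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES or (major, minor) not in VERSIONS:
        return None
    info = {"content_type": CONTENT_TYPES[ctype],
            "record_version": VERSIONS[(major, minor)],
            "record_length": rec_len}
    if ctype == 22 and len(data) >= 9:
        # Handshake header: 1-byte type, 3-byte big-endian length.
        info["handshake_type"] = HANDSHAKE_TYPES.get(data[5], "other")
        info["handshake_length"] = int.from_bytes(data[6:9], "big")
    return info


if __name__ == "__main__":
    print(classify_tls_prefix(message_to_bytes(SAMPLE_MESSAGE_JSON)))
    # A GELF/JSON payload starts with "{" (0x7b), which is not a TLS content type.
    print(classify_tls_prefix(b'{"log":"2018-03-29 10:05:30,587"}'))
```

A plaintext TCP listener that logs this prefix is being sent a TLS ClientHello, so the thing to compare is whether the sending side has TLS enabled while the listener expects plaintext.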


(Jan Doberstein) #2

You could create a Bug report over at https://github.com/Graylog2/graylog2-server/issues

This looks like some kind of encoding issue.


(Karunesh Kumar) #3

Thanks for the suggestion. Created the issue just now.


(Jan Doberstein) #4

for ref:

