shrwn
June 30, 2017, 6:23am
1
Hi All,
We have recently configured graylog-2.2.2.
we are using compatible elasticsearch with it.
when i am forwarding output from logstash to graylog using GELF, logs are getting edited automatically and even we are unable to view all logs that are being sent to the Master server.
I have done output to file config also in logstash, and that’s showing correct data format and real time events.
Can anyone help me with this? Why i the log format has been edited in graylog and why all log data is not visible on graylog?
Regards,
jan
June 30, 2017, 7:45am
2
Hej Shrawan,
did you search in “all messages” to see if the messages are store with a different timestamp?
regards
shrwn
June 30, 2017, 10:26am
3
Hi Jan,
Yes i checked that and i can’t found all data there. There also log format of messages is completely changed.
Currently i m sending data to two different masters from nodes.
Timestamp and all are properly working in our old env i.e. 1.3.3 Graylog while we are getting log messages completely edited in gralog-2.2.2.
Is there something or some configuration in graylog that i m missing? I can see Graylog UDP as input in input tab of graylog UI.
Please guide.
jochen
June 30, 2017, 10:43am
4
What does that mean exactly? Can you provide examples?
shrwn
July 3, 2017, 6:09am
5
Hi Jochen,
This issue has been resolved.
I changed the Grok pattern again on the node server and it started working.
But still i am confused, because how it come working with old config!
Thanks both of you
system
July 17, 2017, 6:09am
6
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
