Graylog 3 - Docker Log Driver - Only message field on graylog

hermes-pimentel · July 5, 2019, 3:13am

Problem: Containers are using GELF UDP with log-driver=gelf. Using a TCP dump the json sent do graylog was:

{
“version”: “1.1”,
“host”: “dev-graylog-asg”,
“short_message”: “TESTE12345”,
“timestamp”: 1562273526.271,
“level”: 6,
“_command”: “echo TESTE12345”,
“_container_id”: “xxxx”,
“_container_name”: “xxxxxx”,
“_created”: “2019-07-04T20:52:05.970041461Z”,
“_image_id”: “sha256:xxxx”,
“_image_name”: “xxxx”,
“_tag”: “062498dd73e0”
}

However, only message field appears on graylog UI, with “TESTE12345” string. Should short_message be displayed instead?

All other fields, are show as expected.

If I send this json directly to graylog with nc command, all fields are indexed and short_message get the correct value.

Tks.

system · July 19, 2019, 3:17am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Docker logging and empty mandatory "short_message" field Graylog Central (peer support)	4	2533	April 5, 2019
Graylog does not show log received via UDP correctly Graylog Central (peer support) gelf	4	32	August 19, 2024
GELF message has invalied "short_message" Graylog Central (peer support)	3	1898	December 16, 2019
Cannot send docker container logs to graylog 3.3 with "gelf" driver Graylog Central (peer support)	1	1556	May 16, 2021
Graylog: Messages not shown Graylog Central (peer support)	1	242	April 28, 2021

Graylog 3 - Docker Log Driver - Only message field on graylog

Related topics