Graylog not processing the text/plain logs that I'm sending

I have a GELF HTTP input in Graylog and I’m sending logs to that input. The logs that I’m sending are of type text/plain, but Graylog is not processing them. I’m using Apache NiFi to send the files to Graylog. NiFi is telling me that the files were sent successfully, but I don’t see the messages on my Graylog.

I sent the same POST that Apache NiFi is sending with Postman and I’m getting a 202 code (indicates that the request has been received but not yet acted upon). Any ideas why Graylog is not processing those logs?

@lacarrillo did you check the Graylog server.log for errors?

Hi @jan, thank you for replying. I checked the server.log and it is showing errors every time one of those logs gets to Graylog. These are the errors:

ERROR [DecodingProcessor] Unable to decode raw message RawMessage{id=dded34b0-0b9e-11ea-be73-000c297aa242, journalOffset=33111223191, codec=gelf, payloadSize=24604, timestamp=2019-11-20T14:05:54.427Z, remoteAddress=/xxxxxxxx} on input .
ERROR [DecodingProcessor] Error processing message RawMessage{id=dded34b0-0b9e-11ea-be73-000c297aa242, journalOffset=33111223191, codec=gelf, payloadSize=24604, timestamp=2019-11-20T14:05:54.427Z, remoteAddress=/xxxxxxxxx}

So you actually do not send GELF messages to the HTTP GELF Input.

Change your sender to create GELF messages and it will work.

Hi @jan, I’m actually sending XML files that I receive via email. I was trying to drop them as GL fields without making any modifications, but it seems like that was not possible. I checked the XML to make sure I was not receiving invalid XML, but I was. So I did some modifications and transformed the XML to JSON. Now I’m not getting any errors in server.log, but the messages are still not processed by Graylog. Any ideas why that could be? Thank you.

@lacarrillo you could send that JSON to a RAW input, but if you send to a GELF input you need to follow that and send in GELF messages.

http://docs.graylog.org/en/3.1/pages/gelf.html
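
An added example, not part of the thread and not Graylog's code: a Python check of a payload against the GELF 1.1 payload specification linked above, plus a wrapper that turns a flat converted record into a GELF message. The names `validate_gelf` and `to_gelf`, the sample record and the host name are assumptions for illustration, and Graylog's own decoder may be more lenient than this check.

```python
import json
import re
import time

# Field-name rule and reserved names as given in the GELF 1.1 payload spec.
FIELD_RE = re.compile(r"^[\w.\-]+$", re.ASCII)
STANDARD = {"version", "host", "short_message", "full_message", "timestamp", "level"}
REQUIRED = ("version", "host", "short_message")

def validate_gelf(msg):
    """Return the reasons why msg is not a valid GELF 1.1 payload (empty if valid)."""
    if not isinstance(msg, dict):
        return ["payload is not a JSON object"]
    problems = [f"missing required field: {k}" for k in REQUIRED if not msg.get(k)]
    if msg.get("version") not in (None, "1.1"):
        problems.append("version must be the string '1.1'")
    for key, value in msg.items():
        if key in STANDARD:
            continue
        if not key.startswith("_"):
            problems.append(f"additional field without '_' prefix: {key}")
        elif key == "_id" or not FIELD_RE.match(key):
            problems.append(f"illegal additional field name: {key}")
        if isinstance(value, bool) or not isinstance(value, (str, int, float)):
            problems.append(f"value of {key} must be a string or number")
    return problems

def to_gelf(record, host, summary_key):
    """Wrap a flat dict (e.g. XML converted to JSON) in a GELF 1.1 envelope."""
    msg = {"version": "1.1", "host": host,
           "short_message": str(record[summary_key]), "timestamp": time.time()}
    for key, value in record.items():
        # Replace characters the spec does not allow and add the '_' prefix.
        name = "_" + re.sub(r"[^\w.\-]", "_", key, flags=re.ASCII).lstrip("_")
        if name in ("_", "_id"):
            name = "_field" + name  # hypothetical renaming; '_id' is reserved
        if isinstance(value, bool) or not isinstance(value, (str, int, float)):
            value = json.dumps(value)  # nested values are stored as JSON text
        msg[name] = value
    return msg

# Constructed sample: a flat record as an XML-to-JSON step might produce it.
SAMPLE = {"subject": "Report 42", "id": 7, "source ip": "192.0.2.10", "tags": ["a", "b"]}

if __name__ == "__main__":
    print(validate_gelf(SAMPLE))
    print(json.dumps(to_gelf(SAMPLE, "mailgw01", "subject"), indent=2))
```
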
