I am sending messages to my graylog cluster using GELF HTTP over port 12229. The client is receiving 202 responses indicating the logs are processed. In the “Input” tab, I’m looking at “Throughput / Metrics” > “Network IO”, and that is filling up as I send messages (I have been sending the example test message, same as the documentation). However, when I go to “Show Received Messages”, nothing is there. I have tried changing from relative to absolute time and searching all messages, but still nothing shows up.
What is going on here? Am I missing something, or could this be a bug? Any help is greatly appreciated.
Is the system time still accurate? I’ve experienced issues before where ntpd died and my search results became skewed/nonexistent. The data was being filed away routinely in elasticsearch, but a search using the browser couldn’t retrieve the proper time range.
Yeah, the system time seems to be accurate within 1 minute. I should have said, I have a few other inputs that work just fine with indexing / searching. It is just the new GELF HTTP input that isn’t working properly.
You could look at the logs of the Graylog server. There could be some Java exceptions that help to understand.
Very often the timestamp field has a space between date and time, and Graylog requires it to be the letter T instead. You can see if this is the case by looking at the logs. If it is, you can fix it by adding an extractor to the timestamp that contains a date converter.
I’m sending the example payload to my server: curl -XPOST http://graylog.example.org:12202/gelf -p0 -d '{"short_message":"Hello there", "host":"example.org", "facility":"test", "_foo":"bar"}'
Yeah, sorry, that’s because I copied it directly from the docs. In my tests I’m using the correct host/port. As I said before, it’s hitting the server, which is filling up the input and returning a 202; I just can’t see any messages.
I had this same issue, but I think mine was more to do with sending incorrectly formatted logs through the TCP syslog. Once I sent in through TCP plaintext, it worked fine.
Hey, it seems I am currently having the same problem. I tried via UDP, TCP and HTTP; nothing is working. However, I can see that as soon as I start sending messages, the Network IO and MSG/s are increasing… However, no messages are shown?
Any idea? This is the curl command: curl -v -XPOST http://192.168.0.50:30202/gelf -p0 -d '{"short_message":"Hello there", "host":"example.org", "version": "1.1"}'