I am sending entries to greylog and while we could see the log entry arrive using a packet trace nothing was appearing in greylog.
By trial and error we determined that omitting the timestamp resulted in the entry appearing in greylog.
I found a website that converts epoch timestamp and checked the timestamp was valid and it was.
There are no errors showing in any log I can find.
Here is a sample of the log entry json being sent.
{ “version”:1.1",“host”:“example.org”,“short_message”:“This is a short message”,“full_message”:“This is the full message”,“timestamp”: “1629332852.490”, “level”: 5,"_some_info": “foo” }
If I omit the timestamp ONLY then the entry will be added/processed correctly.
Any suggestions greatly appreciated.
Thanks
Environmental information
Operating system information
Ubuntu
Package versions
```
Your code goes here
```
For longer code or configuration bits, please enclose your snippet in a summary block like this:
If you read gelf correctly, GELF require timestamp to be number, and you send it as string (in quotes). So try to remove quotes around timestamp, and it should work.
I have removed the quotes from around the timestamp but still the entry is not added.
But if I send the same entry missing the timestamp all together the entry is added.
Sorry Graylog
Thank you for the reply. I have checked the code and the version does have the correct format. I have run the program in debug and here is an actual log that does NOT successfully get added in Graylog.
{“short_message”: “|QSYS-QHST|CPF1164|High|”,“full_message”:“Job 357020/QSECOFR/QP0ZSPWP ended on 20/09/21 at 14:44:59; .013 seconds used; end code 30 . suser=QSSHD sproc=357020/QSECOFR/QP0ZSPWP”, “host”:“iua400.isuzu.com.au”, “version”:“1.1”, “timestamp”:1632113099.998, “level”:3 }
If I remove the timestamp completely from this message the log entry will get added.
Hi @msddcb
I don’t have problem with your message. I’ve tried it to send to graylog using nc to GELF UDP input and worked as expected in graylog 4.1.2. No errors, saved with correct timestamp. Which graylog version, input do you use?
echo -n '{"short_message": "|QSYS-QHST|CPF1164|High|","full_message":"Job 357020/QSECOFR/QP0ZSPWP ended on 20/09/21 at 14:44:59; .013 seconds used; end code 30 . suser=QSSHD sproc=357020/QSECOFR/QP0ZSPWP", "host":"iua400.isuzu.com.au", "version":"1.1", "timestamp":1632113099.998, "level":3 }' | nc -w1 -u graylog.server 12201
Hi,
Thank you for your reply.
Here is my predicament; I do not have direct access to Graylog, I am providing logging from a different system. I will email the Graylog administrator but currently he is on annual leave,
I can confirm though that is I try and log that entry it will NOT appear in Graylog but if I remove the timestamp completely it will appear in Graylog.
I will update this topic with the exact version of Graylog once a reply is received.
In the meantime could you suggest/advise what log files to check to determine the reason the log entry fails to add ?
Thanks Don
