How are you sending in logs to graylog? Its important that it can support multi line. For example, when using filebeat, you can configure multiline support so the trace is sent as a single message.
There isn’t really a way to recombine the messages in graylog if they are sent 1 message per line so this part is very important.
We are using Gelf transport from our Nodejs application.
interface LogMessage extends winston.Logform.TransformableInfo {
timestamp?: string;
level: string;
message: string;
stack?: string;
}
const gelfTransport = new GelfTransport(options);
export const logger = winston.createLogger({
level: process.env.LOG_LEVEL || 'info',
format: winston.format.combine(
winston.format.colorize(),
winston.format.errors({ stack: true }),
winston.format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss.SSS' }),
winston.format.printf((info: LogMessage) => {
const logText = `[${process.env.NODE_ENV}] ${info.timestamp} [${info.level}]: ${info.message}`;
return info.stack ? `${logText}\n${info.stack}` : logText;
}),
),
transports: [
new winston.transports.Console(),
gelfTransport
],
});
if (process.env.NODE_ENV === PROD_ENV) {
logger.remove(winston.transports.Console);
}
We have graylog running in a kubernetes cluster. The trace prints fine to the console, but we are unable to get it in graylog.
I unfortunately don’t have any direct experience with nodejs, but what i was able to find is that when writing the messages to the logger (or console) to output them as multiline messages. An example here: javascript - Indented, multi-line logging in NodeJS - Stack Overflow .
I understand this isn’t a “plug and play” fix but may be the only way to address.
