I am using InfluxDB to send notifications to Graylog using http. The messages are getting to Graylog but are not shown in the search tab, instead they pile up in active connections. When I stop the input, they all go through.
I expect 1 message to be sent every ~15 seconds.
Hey @frogmor
I would check ES/GL log files see if you cant find something that would pertain to this issue. Also try using a different input/s, just an idea.
Unfortunately @frogmor, Graylog does not currently have a generic http input. You can try sending it to a raw/plaintext input if http is your only option, but if you can change the output to CEF, JSON, or even GELF, there are inputs for that.
If you prefer, you could put it in a syslog datagram and then use whatever parsing function you prefer to pull that apart.
One last option would be to write the logs to a file on the application host and use an agent like filebeat or nxlog to scrape and send it to Graylog using a Beats input.
I am using the raw/plaintext input. With use_null_delimiter: false the headers of the HTTP POST are recieved but it doesn’t accept the body which is JSON and piles up in active connections until I stop the input and they are all recieved at once.
If there is an easy fix for this that would be great, otherwise I will try filebeat solution.
Thanks!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
