Inputs - Empty reply

Hello there,

I am running a local docker setup of GrayLog (setup according to the quickstart steps in the documentation to test it out and see what it can do.
But I have encountered some issues during setup.
It works fine when it comes to the web interface. No problem reaching it at and setting up various things like inputs and such.

However, when I did try to actually send some data to the input, all I got back is “Empty reply from server” from the curl command.

The input is a GELF HTTP input, listening on
And it looks like:
decompress_size_limit: 8388608
enable_cors: true
idle_writer_timeout: 60
max_chunk_size: 65536
number_worker_threads: 2
override_source: <empty>
port: 12201
recv_buffer_size: 1048576
tcp_keepalive: false
tls_cert_file: <empty>
tls_client_auth: disabled
tls_client_auth_cert_file: <empty>
tls_enable: false
tls_key_file: <empty>
tls_key_password: ********
The data i am sending is a simple test message that is found from the related documentation
curl -v -XPOST -p0 -d '{"short_message":"Hello there", "host":"", "facility":"test", "_foo":"bar"}'

I even tried editing my firewall, but that didn’t help, as it shouldn’t have affected this anyway.

Anyone have any idea of what might be the cause?

I am fairly sure the answer is somewhere, might even just be me missing something in the setup.

Do it again and see if curl -v gives you a 204 status code. I’ve never used GELF over HTTP before, but in cases like this often there is no need to send a reply beyond a status code, and most likely you will find a 204 No Content reply - which would mean it’s all working :slight_smile:

That is one of the things I did.
This is the response.

curl -v -X POST -d '{"short_message":"Hello there", "host":"", "facility":"test", "_foo":"bar"}'
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying
* Connected to ( port 12201 (#0)
> POST /gelf HTTP/1.0
> Host:
> User-Agent: curl/7.58.0
> Accept: */*
> Content-Length: 86
> Content-Type: application/x-www-form-urlencoded
* upload completely sent off: 86 out of 86 bytes
* Empty reply from server
* Connection #0 to host left intact
curl: (52) Empty reply from server

So there is no 204 no content reply there.

It says it can connect to the local server at the specified port. But it doesn’t accept any input.
The input in the web-interface also doesn’t list any recieved messages at all.

Okay, that’s odd - I’m not familiar at all with GELF/HTTP (we use Beats at my place) so maybe someone else has a solution for you, I’m all out of ideas :frowning:

When you are starting docker, you are including -p 12201:12201. I know very little about docker but I was reading through the documentation and it stood out. If you are doing all of this inside of the docker instance it shouldn’t matter… but “it shouldn’t matter” always bites me in the

I decided to try sending over GELF TCP just to see what happened, and, well.
It didn’t exactly work, but halfway i guess?
this command
echo -n -e '{ "version": "1.1", "host": "", "short_message": "A short message", "level": 5, "_some_info": "foo" }'"\0" | nc -vv -w0 12201
from the documentation with a nc -vv flag gave me this result
Connection to 12201 port [tcp/*] succeeded!

So i went on the web-interface to check if i can see any messages to that input. But there was nothing there.
I am starting to think that the issue now lies elsewhere, not with the connection, but with the inputs perhaps.
Going to look into this a bit more.


Hey I was originally running graylog using docker with version 2.4. When I updated my graylog version to 3.0, I started seeing the same or similar issue. Updating to graylog 3.0.1-1 fixed the issue with not receiving the 202 response from graylog when sending a Gelf tcp message to my graylog input. But I was still not seeing the messages until I checked the system requirements and updated my version of mongodb to 3.6.12.

I hope this also works for you,


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.