Logs are written without populating the name or source

I’ve installed the new sidecar (v1.x) and configured it from the documentation. I have an agent shipping logs to Graylog 3.0.2 but it does not log the details where the logs came from. When I click on “show messages” from Sidecars I don’t see any logs but when I look at all incoming logs I can see the hosts logs as from unknown. So my input is working and receiving logs from the new graylog collector using Filebeat 7.1. The legacy agents are working without any problems.

image

I have the following added to the Colletor configuration:

fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

What am I missing? Why can’t I see the origin of the messages?

what is your collector configuration in complete?

# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

filebeat.inputs:
- input_type: log
  paths:
    - /var/log/*.log
    - /var/log/*
  type: log
output.logstash:
   hosts: ["192.168.1.1:5044"]
path:
  data: /var/lib/graylog-sidecar/collectors/filebeat/data
  logs: /var/lib/graylog-sidecar/collectors/filebeat/log

When I start the graylog-collector in debug:

INFO[0000] Using node-id: ca21879b-783e-458f-a4c8-e5316add902f
INFO[0000] No node name was configured, falling back to hostname


I can see the ID is set here too:

I have downgraded the filebeat agent from 7.1.1 to 6.3.2 and now at least I see the hostname and source but still not the node-id

image

sorry to say - but I do not get your problem - the field source is given and I did not get your question

@jan what version of the filebeat agent do you use?
My main issue is that when I click on “Show messages” below I am shown none. The messages coming in are not assigned to the Node ID.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.