Logstash Output to Graylog 3.0 (Can't search message)

Hi,

I currently have logstash receiving JSON input and i am trying to output the file to graylog using Gelf. Inputs to logstash are succesful but when i check Graylog webui i can see that files are being received by the gelf udp input. But when i try to search them i get nothing (Searched in all message).

All input are appreciated, thank you.

Logstash config:

input {
      tcp {
        port => 5514
        codec => json
        host => "192.168.0.87"
      }
    }
output {
      gelf {
        host => "192.168.0.97"
        port => 9200
        protocol => "UDP"
      }
    }

Graylog Input

bind_address: 0.0.0.0
decompress_size_limit: 8388608
number_worker_threads: 2
override_source:
port: 9200
recv_buffer_size:

you would need to debug the chain - I would start in Graylog.

If Elasticsearch is running and messages are ingested from Graylog to Elasticsearch, try

System > indices > index-name > maintenance > recalculate index range

So the point is - mesages are ingested into Graylog and after processing to Elasticsearch? Did you see stats in the UI in the right up (in means ingest to Graylog and out means push to Elasticsearch) that should be the same number.

Thank you for the reply,

Messages are now appearing and processed after deleting the entire journal folder.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.