I’m currently using Graylog Data Node 6.1, and I’ve set everything up following the official Graylog instructions. I can successfully pull logs using the Sidecar; however, I’ve noticed that the log_level field is missing from the log data. I consulted some colleagues, and they mentioned that the log_level field should be included by default, unless it was overlooked during the setup. Could you help me identify the cause of this issue and suggest how to fix it?
Hey @Arishem,
Is there an example of the log you are sending?
Hello!! @Wine_Merchant,
Yes, Here is an example:
[ERROR] 2025-03-28 04:10:30,473 - Request - http://example.com/ GetSetting-user_id=example12345678
What input / extractor / pipeline rules have you configured?
Hello, @patrickmann
input i have beats
i haven’t setup any pipeline yet
and i have sidecar installed.
this is the configuration i had right now
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
output.logstash:
hosts: [“${user.graylog_host}:5044”]
path:
data: ${sidecar.spoolDir!“/var/lib/graylog-sidecar/collectors/filebeat”}/data
logs: ${sidecar.spoolDir!“/var/lib/graylog-sidecar/collectors/filebeat”}/log
tags:
scheduler
filebeat.inputs:
type: log
enabled: true
paths:
/mnt/test/*.log
fields_under_root: true
processors:
dissect:
tokenizer: “/mnt/test/test-%{source}.log”
field: log.file.path
target_prefix: fields
multiline.type: pattern
multiline.pattern: ‘^([ERROR])’
multiline.negate: true
multiline.match: after
I follow what my colleagues used and configured, they dont have pipeline setup and just sidecar. still not showing log level. except i use pipelines
ohhh @patrickmann
thank for the information. they did setup something but they forgot. they use extractor to setup log_level instead pipelines.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.