Missing mandatory "host" field - EKS - Fluentbit

Graylog Central (peer support)
1

Hello all,
I am fairly new to Graylog and currently working on getting graylog running in EKS.

I use a non official graylog helm chart that has mongodb and opensearch integration.

I also use fluentbit as the processor.
After setting everything up, I can get the logs but below repeated warning fills the journal:

2023-06-21T22:40:01.215558613Z stdout F 2023-06-21 22:40:01,215 WARN    [GelfCodec] - GELF message <8ec644f1-1084-11ee-88ee-ea5420893a8a> (received from <10.10.1.38:39263>) is missing mandatory "host" field. - {}

This Warning message comes from the datadog pod itself.

my fluentbit conf:

    [OUTPUT]
        Name          gelf
        Match         *
        Host          graylog
        Port          12201
        Mode          udp
        Gelf_Short_Message_Key log

I saw similar posts with missing mandatory host field issue but not specific to Kubernetes with a clear answer. Ideal outcome should not be getting this repeated warning message. Is there an additional step that I am missing? Any help would be appreciated.

2

Reading through https://docs.fluentbit.io/manual/pipeline/outputs/gelf it looks like you may need to specify Gelf_Host_Key.

Key which its value is used as the name of the host, source or application that sent this message. (MUST be set in GELF )

Can you try setting that?

3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.