Hallo Folks
I am getting this error in Graylog container.
I am not sure where this message is coming from. Is there anyway I could see the whole message contents? Or traceback to the source?
I have seen a similar issue in one of the posts
In my case the ports are all different.
I am using Graylog version 4.3.14
Could anyone please help me on this?
Thank you 
Hey @findingnemo
A GELF message from node 10.xxx.xxx.xxx is missing short message field. How are you sending those logs (i.e. filebeat, Nxlog,etcā¦) , what type of log formate are you sending ( i.e, database, Apache, etcā¦) and what input are you using?
The input may be incorrect for that type of message being sent from that node. As for finding that message you can try looking it ā_idā shown in the screen shot.
You can look in the default stream called āProcessing and Indexing Failuresā see if its in there, other then that, I dont know. Chances are it may have been drop.
Hey,
We use gelfhttp to send the log messages. Within application we use log4net/serilog/nlog or console log (.net) and gelfudp from fluentd from kubernetes.
The log format is gelf.
I cannot search by ā_idā keyword in the streams. But I could find this property => āgl2_message_idā. May I know if this is what you meant?
I cannot see a stream called āProcessing and Indexing Failuresā. May I know if this is an enterprise feature?
Thank you
Hey @findingnemo
Yes,
Yes, Finding a dropped message or a message that could not be indexed may be difficult. I would check out the application to ensure its sending the right format or perhaps try another input type.
Hey Smith,
I will check from my applications if they are sending the right format or try another input type.
Thank you for your help.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
