Hi all,
Using Graylog 4.2.3+553fadb
Notification standard messages displays a long json string hard to read when using the standard block:
${foreach backlog message}
${message}
${end}
The ${message} itself is a json string containing the fields index, message, timestamp, source, stream_ids and a ‘fields’ field, which itself is a nested json.
There is any way to pretty print the json $message ??
Thanks.
A second twist is an issue with another type of log; an nginx log where the $message.message is a escaped json field. Would be great to prety print it too
Hope you can help
Below there are two examples of log message (non nginx and nginx log):
APP LOG EXAMPLE
{index=graylog_670, message=Impossible to save a new lead from email parsed from event SnsProxyEmailEvent(crm,SES/es/broker-inbox/13l3rjpkrjel1gh9i1j6qf8a2jqk5nitp6114b01,3c269d32-f2ee-58a9-9b48-c0af58bda8d3,2023-10-09 07:13:23.0,0), broker[5674] because [LEAD_EXTRACTOR_ENGINE] none of the register processor can handle the email, timestamp=2023-10-09T07:13:27.438Z, source=k8s-127-235-88-61, stream_ids=[635e4777cec7356deb9b4fb5, 000000000000000000000001, 635e4b4ecec7356deb9b544f], fields={gl2_accounted_message_size=1276, k8s_labels_app-api-ver=sched-v45.0.83, level=3, gl2_remote_ip=10.42.3.173, gl2_remote_port=40042, gl2_message_id=01HC9MH6WEA8MV9QVTE6ACZ9AN, k8s_pod_name=event-manager-q-5f4d46c75f-v5g69, k8s_labels_stack_name=event-manager, gl2_source_input=6358f000cec7356deb95845b, k8s_labels_appname=event-manager-q, k8s_labels_appinstance=event-manager-q, k8s_labels_apprelease-time=20231004150817, k8s_container_name=event-manager, level_name=ERROR, k8s_labels_tag=event-manager, k8s_labels_stack_config=prod, full_message=Impossible to save a new lead from email parsed from event SnsProxyEmailEvent(crm,SES/es/broker-inbox-com/13l3rjpkrjel1gh9i1j6qf8a2jqk5nitp6114b01,3c269d32-f2ee-58a9-9b48-c0af58bda8d3,2023-10-09 07:13:23.0,0), broker[461991] because [LEAD_EXTRACTOR_ENGINE] none of the register processor can handle the email, thread_name=events-akka.actor.default-dispatcher-5, gl2_source_node=20cc36f6-aa32-47a6-a033-b0b5d5d2956e, logger_name=com.dom.infrastructure.EventManagerSchedulerInfrastructure$$anon$26, k8s_namespace_name=ci}, id=57bd9ae1-6673-11ee-83b3-ae57fc711eed}
NGINX EXAMPLE
{index=graylog_671, message={"clientip" : "99.99.99.99","ident" : "-","auth" : "","request" :
"/url","request_args" : "","request_full" : "http://www.com.com/url","response" :
501,"bytes" : 27,"referrer" : "","agent" : "Mozilla/5.0 (compatible; proximic;
+https://www.comscore.com/Web-Crawler)","request_id" : "26eb91c18f5740e73c25fa63d6cfdbfb","request_time" :
0.001,"is_pipe" : ".","verb" : "GET","host" : "www.dominio.com","protocol" : "HTTP/1.1","request_length" :
409,"bytes_sent" : 383,"upstream_addr" : "10.43.126.134:9001","upstream_status" : "501","upstream_response_time" :
"0.001","upstream_connect_time" : "0.000","upstream_header_time" : "0.001","x_forwarded_for" :
"99.99.99.99","geoip_country_name" : "","geoip_country_code" : "","geoip_region_name" : "","geoip_city" :
"","uid_reset" : "","uid_got" : "","uid_set" : "uid=33062A0A3FBA23650A002C3502DCEB09","source" : null,"dominio_SESSION"
: "","dominio_REFRESH" : ""}, timestamp=2023-10-09T08:30:55.963Z, source=unknown,
stream_ids=[635924e0cec7356deb95be04], fields={agent_id=3d453707-4680-405c-b193-4678c7ab4d25,
agent_name=k8s-127.245.88.11, log_offset=7481387, kubernetes_namespace_uid=b9c8604b-0238-4361-a3a3-9834a4bb7050,
gl2_remote_ip=10.42.6.0, @metadata_version=8.4.1, gl2_remote_port=10073, kubernetes_labels_appname=website-k8s-web,
gl2_source_input=6358efc1cec7356deb958413, meta_uid_set=uid=33062A0A3FBA23650A002C3502DCEB09, @metadata_beat=filebeat,
kubernetes_namespace=ci, @metadata_type=_doc, gl2_source_node=20cc36f6-aa32-47a6-a033-b0b5d5d2956e,
meta_host=www.dominio.com, meta_bytes_sent=383, kubernetes_labels_pod-template-hash=6d87d974f7,
kubernetes_labels_app-api-ver=api-v5.0.83, meta_upstream_response_time=0.001, gl2_accounted_message_size=3314,
kubernetes_pod_ip=10.42.6.51, agent_ephemeral_id=dca71f42-5c17-4427-a3ac-4939b44b890a,
kubernetes_node_labels_registered-by=out-operator meta_request=/url,
meta_request_full=http://www.dominio.com/url, meta_upstream_connect_time=0.000,
meta_upstream_addr=10.43.126.134:9001, meta_upstream_header_time=0.001, input_type=container,
gl2_message_id=01HC9RZ3MH7JKMG43S67KQFS81, kubernetes_node_hostname=k8s-127.245.88.11, meta_ident=-,
kubernetes_pod_name=site-www-es-website-k8s-web-6d87d974f7-dwn4x, meta_x_forwarded_for=99.99.99.99,
agent_type=filebeat, container_image_name=391907140160.dkr.ecr.eu-west-1.amazonaws.com/web_a5_prod:web-v4.13.30,
kubernetes_container_name=web, kubernetes_pod_uid=1e330760-f2e4-40a2-9162-7489f2094c8d,
container_id=95bee3a27343edf17653deb2c43d963b2030421bcfdacd47bb9ac4dda79c2258, kubernetes_node_name=k8s-127.245.88.11,
kubernetes_deployment_name=site-www-es-website-k8s-web, kubernetes_labels_appinstance=site-www-es,
kubernetes_labels_stack_config=prod, meta_response=501, beats_type=filebeat, ecs_version=8.0.0,
kubernetes_node_uid=77a156a0-1f1d-4b04-be53-3feb41b6f090, kubernetes_labels_apprelease-time=20231006110754,
meta_request_time=0.001, meta_is_pipe=., stream=stdout,
log_file_path=/var/lib/docker/containers/95bee3a27343edf17653deb2c43d963b2030421bcfdacd47bb9ac4dda79c2258/95bee3a27343edf17653deb2c43d963b2030421bcfdacd47bb9ac4dda79c2258-json.log,
meta_protocol=HTTP/1.1, kubernetes_replicaset_name=site-www-es-website-k8s-web-6d87d974f7, meta_verb=GET,
meta_upstream_status=501, kubernetes_labels_tag=web, meta_agent=Mozilla/5.0 (compatible; proximic;
+https://www.comscore.com/Web-Crawler), container_runtime=docker, meta_request_id=26eb91c18f5740e73c25fa63d6cfdbfb,
kubernetes_labels_stack_name=prod, agent_version=8.4.1, meta_bytes=27, @timestamp=2023-10-09T08:30:55.963Z,
meta_clientip=99.99.99.99, kubernetes_labels_app-web-ver=web-v4.13.30, meta_request_length=409,
host_name=k8s-127.245.88.11}, id=2b324017-667e-11ee-83b3-ae57fc711eed}