Hi all,
I am using Graylog 2.4.3.
My flow is as follows:
Logs (mobile, computer, etc.) --> Filebeat --> Graylog --> Log Analysis server
When the logs reach Graylog from Filebeat, they arrive in the right format in the /var/log/syslog folder on the Graylog server.
But the Graylog output comes in a distorted multiline format and is sent to the Log Analysis server.
Content-Type: application/json;charset=UTF-8;ver=0.9
Response-Code: 200
Content-Type: application/json;charset=UTF-8;ver=0.9
ID: 11122610
Headers: {Content-Length=[0], Date=[Tue, 12 Dec 2018 08:49:15 GMT]}
ID: 11122611
ID: 11122603
Content-Type: application/json
Headers: {Date=[Tue, 12 Dec 2018 08:49:18 GMT], Content-Type=[application/json;charset=UTF-8;ver=0.9]}
Looking at the above output, it looks like there is some problem with the Graylog output format, which fails to parse certain REST APIs. You can see there are 3 message IDs (11122610, 11122611, 11122603) that come on different lines. It only happens for certain REST APIs.
Is it something to do with the maximum message length or message type of the output, as mentioned below?
Referring to the GitHub link:
-
If I need to send any message of length >16384 bytes, can I pass 0 or anything else in the Maximum message length field? Similarly, can I send the message type as “full”?
-
Can anyone provide some clues as to what could be wrong that results in this?
Any help is really appreciated.
Regards
Pradeep