Sending GELF via HTTP - error "is missing mandatory . . . field"

I’ve discovered that the messages “stuck” in the journal are the ones where I set a timestamp attribute, e.g.:

{"timestamp": 1545401448067, "host": "xyz.com", "version": "1.1", "_cs_data": "XX", "short_message": "csdatareplicator"}

The same (minus the timestamp) is indexed:

{"host": "xyz.com", "version": "1.1", "_cs_data": "XX", "short_message": "csdatareplicator"}

The Example Payload in the GELF 2.5 docs shows a timestamp field in the document.


Thank you very much!

I can reproduce that. I am a new developer and I am not sure what the expected behavior is. But it is a bug anyway:

  1. Either it’s supposed to work with timestamp
  2. or it is not and the manual is wrong at that point

Could you please open an issue for that and I will see that the issue gets fixed?


Thank you. Issue 5501 has been created.


Thanks a lot!

Konrad

As @dennis pointed out in the GitHub issue, the format of the timestamp was wrong.
A timestamp with milliseconds should be in float notation like: "timestamp":1545401488.441 or without
milliseconds like: "timestamp":1545401488. This solves the issue.

Thank you. Apologies for missing that. As it turns out, I had two issues:

  • wrong precision on my timestamp (as you pointed out)
  • a field in the “inner” JSON document - also called timestamp - that seemed to be conflicting with the GELF timestamp.

Once I fixed (removed) the duplicate timestamp element, all of my logs started to flow.


I’m very happy that you got it all sorted out!

Sorry for dropping out of the conversation all of a sudden; I’m at a SANS training all week, which is taking ALL of my time :smiley:
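
An added example, not part of the original posts or of Graylog's code: a Python helper that builds a GELF 1.1 payload with the two fixes from this thread, converting an epoch-milliseconds timestamp to seconds with decimals and renaming an application field that would collide with a GELF field name. The function names, the `app_` prefix, the 1e11 threshold and the inner timestamp value are assumptions made for illustration.

```python
import json

# GELF 1.1 top-level field names; an application field with one of these
# names is renamed so it cannot be confused with the GELF field.
GELF_FIELDS = {"version", "host", "short_message", "full_message",
               "timestamp", "level"}


def normalize_timestamp(value):
    """Return epoch seconds as a float, accepting seconds or milliseconds."""
    ts = float(value)
    # Assumption: 1e11 seconds is past the year 5000, so a value that large
    # can only be milliseconds (1e11 ms is a date in 1973).
    if ts >= 1e11:
        ts /= 1000.0
    return ts


def build_gelf(host, short_message, timestamp=None, extra=None):
    """Build a GELF 1.1 message dict from application data."""
    msg = {"version": "1.1", "host": host, "short_message": short_message}
    if timestamp is not None:
        msg["timestamp"] = normalize_timestamp(timestamp)
    for key, val in (extra or {}).items():
        name = key.lstrip("_")
        if name in GELF_FIELDS:
            name = "app_" + name  # hypothetical prefix, pick your own
        msg["_" + name] = val  # additional fields carry a leading underscore
    return msg


def to_json(msg):
    """Serialize for the HTTP input; the timestamp stays a JSON number."""
    return json.dumps(msg)


if __name__ == "__main__":
    # Values from the first post, plus a constructed inner "timestamp" field.
    payload = build_gelf(
        "xyz.com", "csdatareplicator",
        timestamp=1545401448067,
        extra={"cs_data": "XX", "timestamp": "2018-12-21T14:10:48Z"},
    )
    print(to_json(payload))
```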
