Hello,
Upgraded my test environment from 3.1.X to 3.2.X and zero logs showed in the “Search” page…
I have been using rsyslog as my log collector since 2.X with no issues…
- I can confirm that rsyslog is receiving logs from devices
- I can confirm that rsyslog sends the logs to the graylog inputs (using Syslog UDP) (without any extractors)
- The moment I add a json extractor, logs stop showing in the search page. (I don't see Doc count increase either in elasticsearch)
Typical log format:
{"timestamp":"2020-02-03T20:11:45+00:00","source":"H-TXA-1LAB-SW-1","ip_address":"2607:2400:9:2091:21c:2eff:fe57:cd00","application_name":"00422","message":" chassis: Slot D Ready","level":"6","facility":"local3"}
Interestingly I see graylog-server logs:
2020-02-03T20:15:18.379Z WARN [ProcessBufferProcessor] Unable to process message <e5a6fca1-46c1-11ea-beba-78e3b509de78>: java.lang.ClassCastException: Cannot cast java.lang.String to org.joda.time.DateTime
2020-02-03T20:15:18.601Z WARN [ProcessBufferProcessor] Unable to process message <e5c8b570-46c1-11ea-beba-78e3b509de78>: java.lang.ClassCastException: Cannot cast java.lang.String to org.joda.time.DateTime
2020-02-03T20:15:29.302Z WARN [ProcessBufferProcessor] Unable to process message <ec296630-46c1-11ea-beba-78e3b509de78>: java.lang.ClassCastException: Cannot cast java.lang.String to org.joda.time.DateTime
I also tried using a “Raw/Plaintext UDP” input and without Extractors the log comes up, but when I add an extractor it no longer works.
Any input is much appreciated!!
CentOS Linux release 7.7.1908 (Core) 3.10.0-1062.9.1.el7.x86_64
graylog-server-3.2.0-6.noarch
openjdk version "1.8.0_242"
elasticsearch-6.8.6-1.noarch
rsyslog-8.24.0-41.el7_7.2.x86_64
mongodb-org-server-4.0.16-1.el7.x86_64
mongodb-org-shell-4.0.16-1.el7.x86_64
mongodb-org-4.0.16-1.el7.x86_64
mongodb-org-mongos-4.0.16-1.el7.x86_64
Thanks,
Dave
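A triage sketch for the symptoms reported above, added here as an example and not part of the original post or of Graylog's code: it lists which keys of the sample event share a name with Graylog's standard message fields and tallies the `Unable to process message` warnings by cause. It assumes the ClassCastException is tied to a JSON key such as `timestamp` landing as a string in the message's own `timestamp` field; `CORE_FIELDS`, `colliding_keys` and `summarize_drops` are names made up for this example.

```python
import json
import re
from collections import Counter

# Assumption: the standard Graylog message fields an extracted key can collide with.
CORE_FIELDS = {"timestamp", "source", "message"}

# Event line copied from the post above.
SAMPLE_EVENT = (
    '{"timestamp":"2020-02-03T20:11:45+00:00","source":"H-TXA-1LAB-SW-1",'
    '"ip_address":"2607:2400:9:2091:21c:2eff:fe57:cd00","application_name":"00422",'
    '"message":" chassis: Slot D Ready","level":"6","facility":"local3"}'
)

# graylog-server warnings copied from the post above.
SERVER_LOG = """\
2020-02-03T20:15:18.379Z WARN [ProcessBufferProcessor] Unable to process message <e5a6fca1-46c1-11ea-beba-78e3b509de78>: java.lang.ClassCastException: Cannot cast java.lang.String to org.joda.time.DateTime
2020-02-03T20:15:18.601Z WARN [ProcessBufferProcessor] Unable to process message <e5c8b570-46c1-11ea-beba-78e3b509de78>: java.lang.ClassCastException: Cannot cast java.lang.String to org.joda.time.DateTime
2020-02-03T20:15:29.302Z WARN [ProcessBufferProcessor] Unable to process message <ec296630-46c1-11ea-beba-78e3b509de78>: java.lang.ClassCastException: Cannot cast java.lang.String to org.joda.time.DateTime
"""

DROP_RE = re.compile(
    r"^(?P<ts>\S+) WARN \[ProcessBufferProcessor\] Unable to process message "
    r"<(?P<id>[0-9a-f-]{36})>: (?P<exc>[\w.$]+): (?P<detail>.*)$"
)

def colliding_keys(raw_event):
    """Map each JSON key that matches a core field name to its decoded Python type."""
    event = json.loads(raw_event)
    return {k: type(v).__name__ for k, v in event.items() if k in CORE_FIELDS}

def summarize_drops(log_text):
    """Count dropped-message warnings per (exception, detail) and collect message ids."""
    reasons, ids = Counter(), []
    for line in log_text.splitlines():
        m = DROP_RE.match(line.strip())
        if m:
            reasons[(m["exc"], m["detail"])] += 1
            ids.append(m["id"])
    return reasons, ids

if __name__ == "__main__":
    print("keys colliding with core fields:", colliding_keys(SAMPLE_EVENT))
    reasons, ids = summarize_drops(SERVER_LOG)
    for (exc, detail), count in reasons.items():
        print(f"{count} dropped: {exc}: {detail}")
    print("dropped message ids:", ids)
```

Every warning counted here is a message that never reached the index, so the tally is also a measure of the logging gap while the extractor is enabled.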