I am wondering about the field “application_name”, that I have neither configured or created. It is filled with some input in some cases, that I do not understand. For me it seems, as if it is generated/filled by something like a graylog integrated feature. Is there a way to disable the processing for this field? Where can it be configured/adjusted or where do I find some more information about it?
Thanks.
It’s very obvious. If you use Syslog Input (TCP/UDP), graylog follows syslog standard and extract field application_name from syslog message send by device.
There are 2 standards for Syslog protocol: Older RFC3164 and newer RFC5424.
Check some article about syslog:
If you don’t want to parse syslog messages at all, create Raw Input, which will store exact message as received. If you want to use another field as application_name (as some devices like cisco doesn’t follow syslog standard), create extractor or use pipeline rule to fix it.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
