Windows Event Logs to graylog through NxLog

Graylog Central (peer support)
1

Good morning. I’m, receiving a error when Graylog is trying to parse messages from Windows Events via NxLog. Here is the error message on Graylog:

{“type”:“mapper_parsing_exception”,“reason”:“failed to parse field [EventType] of type [long] in document with id ‘e27e4051-0f95-11ea-985d-1c98ec14eaa4’”,“caused_by”:{“type”:“illegal_argument_exception”,“reason”:“For input string: “INFO””}}

I’ve followed the documentation for NxLog side and creating the Input. Here is that configuration:

Module xm_gelf ########## INPUTS ########### 
Module      im_msvistalog
Module om_udp Host Server IP Port 12202 OutputType GELF Path eventlog => udp

image
image592×930 35.7 KB

Has anyone come into an issue like this before? This is my first time trying to get Windows Event logs into Gelf. Any ideas?

2

I think it should be

Path        in => out
3

The name of my Input is “eventlog” and the name of the Output module is “udp”, so that’s not the issue. The messages are getting to graylog. I don’t suspect nxlog is the issue.

4

The problem was apparently in the Index. System-Indicies- Default Index- Rotate Active Index. This resolved the problem. I’m not sure why this fixed the issue because I have never tried to write a field for “Event Type” as a “long”. Oh well. I hope someone else might find this useful in the future.

5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.