Hi Jochen, thank you for this information. So, how can I rename the field "message.level" to "message.log_level" before using JSON extractor?
Cheers, Alexandre Em sexta-feira, 29 de julho de 2016 12:38:26 UTC+1, Jochen Schalanda escreveu: > > Hi Alexandre, > > the JSON extractor will happily overwrite the existing field and that's > probably the problem. > > If the "level" field is not numeric, Graylog and Elasticsearch will fail > to index it. You should find numerous "index failures" in the logs of your > Graylog node and in the "index_failures" collection in MongoDB. > > Cheers, > Jochen > > On Friday, 29 July 2016 12:46:45 UTC+2, Alexandre Verri wrote: >> >> I discovered that there is a clash between the field ''level" from the >> original message and the contents of the field "message". >> >> >> <https://lh3.googleusercontent.com/-eDA8jbvFBdM/V5sz4nUyoMI/AAAAAAAANp0/C3CENbsE_Bw8U_Z4hWHNtMYQpXGjs-W0ACLcB/s1600/Capture.PNG> >> >> >> What will be the behaviour of JSON extractor in this case? >> >> >> >> Em quinta-feira, 28 de julho de 2016 21:33:13 UTC+1, Alexandre Verri >> escreveu: >>> >>> I have set two extractors for a particular input in Graylog. The *same >>> input* receives logs from Apache and from a Java application. The >>> Apache log is being parsed using an Grok extractor, and it is working fine. >>> If using an extra JSON extractor for the Java application, the messages >>> from Java application does not appear in the search panel. >>> >>> So, in summary: >>> >>> Apache logs ==> GELF UDP input ==> Grok extractor ==> message parsed, >>> showed in search query >>> Java logs ==> GELF UDP input ==> JSON extractor ==> *message does >>> not appear in search query* >>> >>> >>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/a266505f-08c2-4693-b25f-6349bff5a7d7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
