Hi Joshua,
please check the logs of your Graylog and Elasticsearch nodes for error
messages.
As far as I see, the "level" field doesn't have the correct format (it
should be numeric).
Cheers,
Jochen
On Friday, 21 October 2016 23:56:55 UTC+2, Joshua Walderbach wrote:
>
> I went into one of my inputs and added a JSON extractor on full_message.
> Without changing anything I click Try and it properly breaks apart the
> sample message into many useful fields. I give it a name, save, and then
> give it a few minutes. Now no new messages are coming into the input or
> streams that use rules to pull in messages. I delete the extractor and in
> seconds logging is back to normal. I don't understand why it looks good in
> the preview but stops my logs cold when it's applied. Anyone?
>
>
> Example message: { "date": "2016-10-21T21:06:05.8063946Z", "level":
>> "INFO", "name": "xxxxxxxx", "message": "GET:CheckStatus", "threadid":
>> "24", "requesterIp": "10.xxx.xxx.xxx", "url": "\/v1\/status\/
>> xxxxxxxx-xxxx-43AE-xxxx-CF5003E44594", "method": "GET", "correlationId":
>> "1a5b2f5a-xxxx-4b19-xxxx-970008b4efa7", "userAgent": "Rackspace
>> Monitoring\/1.1 (https:\/\/monitoring.api.rackspacecloud.com)" }
>
>
> click Try and the Extractor preview is:
>
> date
>> 2016-10-21T21:06:05.8063946Z
>> threadid
>> 24
>> method
>> GET
>> level
>> INFO
>> requesterIp
>> 10.xxx.xxx.xxx
>> name
>> xxxxxxxx
>> correlationId
>> 1a5b2f5a-xxxx-4b19-xxxx-970008b4efa7
>> userAgent
>> Rackspace Monitoring/1.1 (https://monitoring.api.rackspacecloud.com)
>> message
>> GET:CheckStatus
>> url
>> /v1/status/xxxxxxxx-xxxx-43AE-xxxx-CF5003E44594
>
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/36f6667e-1dee-40bb-929a-580fdcded096%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
