Accept JSON as an input to the collector about collector HOT 8 OPEN

Can you show us an example JSON file and tell us which program is generating this?

We are trying to minimize the processing on the collector so this is probably something we will not implement except there are good reasons.

from collector.

I think I have the same feature request.

Currently we are using log2gelf to send messages already stored in JSON format from varnish. The varnishncsa daemon can be configured to store one message per line, so we already formatted it as GELF, we just need something to pick them up and send them to graylog reliably (when graylog is down, queue them, resume where it left last time etc)

The problem with current solution is that it uses more CPU than varnish itself... and needs to be manually restarted every time graylog goes down.

I don't see how this feature adds more processing time, since the message is already formatted as it should, it just needs to be somehow defined as json file format and attributes need to be correctly detected.

Thank you!

from collector.

Since Graylog 1.2.0, we ship a JSON Extractor which can be used to "expand" a JSON payload received as plaintext into a proper GELF message. You can read in the varnish log file with the Graylog Collector and use a JSON Extractor on the GELF TCP/UDP input.

from collector.

OK, thank you, I will try this solution, but I still think this should be the collector's job, this way we would avoid unnecessary processing power on the server.

from collector.

We designed the Graylog Collector exactly the other way round. The goal was to do as little preprocessing on the client machines as possible and move that complexity into the Graylog server nodes.

from collector.

I tried the solution, it works great, thank you!

from collector.

I'm struggling with this like crazy. I just want to send in some flat json to Graylog and have it fill in GELF info by extractor. I can almost send data in but it's like its discarding it as I get no recent message errors from the Extract page when clicking load message.

The documentation really is lacking here. A full fledged example of how to send JSON directly into Graylog would be extremely useful.

I'm trying to send AWS CloudTrail logs directly from S3 into Graylog (via Lambda). No, I'm not using the plugin which assumes a horribly cost inefficient model of CloudTrail -> SNS -> SQS <- Graylog (via pull).

from collector.

@et304383 We are using GitHub issues for tracking bugs in Graylog itself, but this doesn't look like one. Please post this issue to our discussion forum or join the #graylog channel on freenode IRC.

Thank you!

from collector.