Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GELF output: GELF message has invalid timestamp #228

Open
8ear opened this issue May 2, 2020 · 0 comments
Open

GELF output: GELF message has invalid timestamp #228

8ear opened this issue May 2, 2020 · 0 comments

Comments

@8ear
Copy link

8ear commented May 2, 2020
edited
Loading

Hi,
I added the graygelf npm package and builded from your sematext/logagent:latest my customized logagent container.

Now I will transfer my collected logs from logagent to Graylog. But with the gelf-output I will only get the following errors at the Graylog side:

2020-05-02 09:26:04,078 WARN : org.graylog2.inputs.codecs.GelfCodec - GELF message <f19b14d3-8c56-11ea-971d-02420a2f0208> (received from <xx.xx.xx.xx:44149>) has invalid "timestamp": 2020-05-02T09:26:03.666Z  (type: STRING)
2020-05-02 09:26:04,078 WARN : org.graylog2.inputs.codecs.GelfCodec - GELF message <f19b14d8-8c56-11ea-971d-02420a2f0208> (received from <xx.xx.xx.xx:44149>) has invalid "timestamp": 2020-05-02T09:26:03.667Z  (type: STRING)
2020-05-02 09:26:04,078 WARN : org.graylog2.inputs.codecs.GelfCodec - GELF message <f19b14d9-8c56-11ea-971d-02420a2f0208> (received from <xx.xx.xx.xx:44149>) has invalid "timestamp": 2020-05-02T09:26:03.668Z  (type: STRING)
2020-05-02 09:26:04,078 WARN : org.graylog2.inputs.codecs.GelfCodec - GELF message <f19b14da-8c56-11ea-971d-02420a2f0208> (received from <xx.xx.xx.xx:44149>) has invalid "timestamp": 2020-05-02T09:26:03.668Z  (type: STRING)

How I can change the timestamp?

Config:

# /etc/sematext/logagent.conf

# Global options
options:
    # print stats every 60 seconds 
    printStats: 60
    # don't write parsed logs to stdout
    suppress: true
    # Enable/disable GeoIP lookups
    # Startup of logagent might be slower, when downloading the GeoIP database
    geoipEnabled: true
    # Directory to store Logagent status and temporary files
    # this is equals to LOGS_TMP_DIR env variable 
    diskBufferDir: /tmp/sematext-logagent
    includeOriginalLine: false

input:
    # a list of glob patterns to watch files to tail
    files:
        - "/host/var/log/**/*.log"
        - "/var/log/**/*.log"
    docker:
        module: docker-logs
        socket: /var/run/docker.sock
        labelFilter: com.docker.*,io.kubernetes.*,annotation.*
    syslog: # syslog udp
        address: 0.0.0.0
        port: 1514


outputFilter: 
    dockerEnrichment:
        module: docker-enrichment 
        autodetectSeverity: true
    geoip: 
        module: geoip
        fields: 
        - client_ip
        - remote_address

output:
    gelf:
        module: output-gelf
        host: graylog
        # graylog port (default: 12201)
        port: 12201
        # compression 'gzip' or 'deflate' (default: 'deflate')
        compressType: deflate
        # size of chunked messages in bytes (default: 1240)
        chunkSize: 1240

    stdout: pretty

Is there a other possible way to get the logs from logagent to Graylog?

Kind regards
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@8ear