Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
json extractor prefix #1646
Right now you can not add a prefix to the json parser, this means if a json contains fields like timestamp or message the root field is overwritten.
In this case the message cannot be written to elasticsearch
This is the a sample field sensu:
With prefix graylog could create new fields like
changed the title from
json extractor allow prefix
json extractor prefix
Dec 22, 2015
Log messages like this cannot be processed by Graylog, causing them to be dropped, which I think is a really bad and surprising behaviour. At the very least, this should be documented in JSON extractor page about reserved fields: what they are, how to overwrite them correctly, etc.
This is a really big issue. Our messages all have a
Processing messages like that with the JSON extractor leads to this error: "[MapperParsingException[failed to parse [level]]; nested: NumberFormatException[For input string: "INFO"];]"