Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.

Pushing JSON log to Gelf

Hi, I am trying to post events from my log files to gelf_tcp (Graylog). My log records are in flat JSON format. I can push logs to GELF, however with a few issues; I would appreciate it if you can help.

Issue 1: My log record has a field called "level". When the record is sent to Graylog, the level does not match the one that I have in the log file. I do parse_json() first, and I also tried to explicitly set the value of level based on the NXLog documentation: https://nxlog.co/documentation/nxlog-user-guide/xm_gelf.html. There is also something wrong with the documentation. It says GELF understands the field "SeverityLevel", but the example on the same page uses "SyslogSeverityLevel". I tried to explicitly set both fields from the $level field, but nothing changes in Graylog.

Issue 2: I have a timestamp field in my log record which is in ISO 8601 format. I could not find an easy way to parse it. The parsedate() function does not help there. I ended up extracting the date and time parts from my field and then sending them to parsedate($1 + " " + $2). If you know a better way, please let me know.

Thanks

Kev


ksaffarian created
send custom json file to GrayLog

Hi, I'm trying to send my custom JSON to GrayLog. My JSON file is:

    { "Faxes": "68", "Last30DaysEmails": "9728", "TodayEmails": "66" }

This is my nxlog config file:

    define ROOT C:\Program Files (x86)\nxlog
    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data
    LogFile %ROOT%\data\nxlog.log

    Module xm_gelf

    Module xm_multiline
    HeaderLine /\d{4}-\d{2}-\d{2}\s\d*:\d\d:\d*,\d{3}\s[a-zA-Z]*\s\s\S\s\[Begin Lead\]/
    EndLine /\d{4}-\d{2}-\d{2}\s\d*:\d\d:\d*,\d{3}\s[a-zA-Z]*\s\s\S\s\[End Lead\]/

    Module xm_json

    Module im_file
    File "C:\\logs\\myfile.json"
    InputType multiline
    SavePos FALSE
    ReadFromLast FALSE

    Module om_udp
    Host 192.168.1.100
    Port 3514
    OutputType GELF

    Path im_file => om_udp

Now my problem is: when I send the file to the GrayLog server, I see multiple lines with different messages (as JSON variables), and not everything in a single message. How can I configure my system correctly? Thanks for the support. Marco

m.ferrara created