I think I have an idea as to what is going on: it looks to be a time zone / time issue. The packets were formatted correctly, hence no parsing errors. I was able to verify that by sending malformed packets and observing parsing errors.
However the packets sent by the test app seem to have been sent with a timestamp of local time, whereas the VM appliance running Graylog is in UTC. Subsequently the messages don't show up because they technically happened in the past.

On Thursday, February 9, 2017 at 2:50:46 AM UTC-6, Jochen Schalanda wrote:
> Hi,
>
> On Thursday, 9 February 2017 06:54:30 UTC+1, IJFK wrote:
>> I'm sending Syslog packets in GELF format (I successfully validated the
>> JSON), and no matter what I do, the packets don't show up. There is no
>> parsing error or anything, the data just doesn't show up.
>
> How exactly are you sending messages? How did you configure the clients?
> How did you configure the inputs (and which types) in Graylog?
>
>> I already created a Raw/UDP input & stream, which does show the messages
>> coming in, I also verified with tcpdump that they are actually making it to
>> the server.
>
> This sounds like they are simply not valid GELF messages.
>
> Cheers,
> Jochen
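The failure mode described in this message, as an added example that is not part of the original thread or of Graylog's code: a sender that encodes its local wall-clock time as if it were UTC, next to the correct conversion, and a receiver-side skew check that tells the two apart. The function names, the host `testapp`, the 300-second window and the UTC-6 sender offset are assumptions chosen for illustration.

```python
import calendar
import json
from datetime import datetime, timedelta, timezone

def utc_epoch(when):
    """Correct conversion: an aware datetime to seconds since the UNIX epoch."""
    if when.tzinfo is None:
        raise ValueError("naive datetime: attach the sender's tzinfo first")
    return round(when.timestamp(), 3)

def wall_clock_as_epoch(when):
    """The bug: local wall-clock fields encoded as if they were already UTC."""
    return float(calendar.timegm(when.replace(tzinfo=None).timetuple()))

def gelf_message(host, short_message, timestamp):
    """Serialize a minimal GELF 1.1 payload (timestamp is epoch seconds)."""
    return json.dumps({"version": "1.1", "host": host,
                       "short_message": short_message,
                       "timestamp": timestamp, "level": 6})

def skew_report(payload, received_at, tolerance=300, tz_slack=60):
    """Compare the payload's timestamp with the receiver's (aware) clock."""
    skew = json.loads(payload)["timestamp"] - received_at.timestamp()
    # Heuristic: UTC offsets are multiples of 15 minutes, so a large skew
    # that sits close to such a multiple suggests a time zone mix-up
    # rather than ordinary clock drift.
    nearest = round(skew / 900) * 900
    tz_suspect = abs(skew) > tolerance and abs(skew - nearest) <= tz_slack
    return {"skew_seconds": round(skew),
            "in_window": abs(skew) <= tolerance,
            "timezone_suspect": tz_suspect}

# Constructed sample: one event seen by a sender running at UTC-6.
SENDER_TZ = timezone(timedelta(hours=-6))
EVENT = datetime(2017, 2, 9, 2, 50, 46, tzinfo=SENDER_TZ)
GOOD = gelf_message("testapp", "login ok", utc_epoch(EVENT))
BAD = gelf_message("testapp", "login ok", wall_clock_as_epoch(EVENT))

if __name__ == "__main__":
    print("good:", skew_report(GOOD, EVENT))
    print("bad: ", skew_report(BAD, EVENT))
```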
