Hi Jan, Thanks for the reply.
Before I share our million different log messages, can we discuss on the basis that a single regex won't capture our messages? We have multiline exceptions, multiline SQL statements, multiline various other types of messages. If NXLog multiline handling is stronger, is there anything I may have missed in terms of NXLog setup? Are there other alternatives (other than decorating our messages) I haven't considered, or obviously missed? Thanks- --ab On Fri, Feb 17, 2017 at 2:49 AM, Jan Doberstein <[email protected]> wrote: > Hej Andy, > > if you want help with the multiline detection of filebeat, we would need > to have some information about your logfile. examples welcome. > > with your question about nxlog the limit for one message is reached - you > would need to configure this limit. But for this the NXLog Community might > be the best place to ask. > > regards > Jan > > On Thursday, February 16, 2017 at 11:16:55 PM UTC+1, Andy Badera wrote: >> >> Hello all- >> >> Windows app server into Graylog 2.1.0. >> >> Like many, we have multiline log messages. There is presently no clearly >> defined syntax around these messages, no end delimiter. >> >> I'm able to flow messages in using filebeat, but I can't capture >> multiline messages properly. I believe per a Graylog blog entry, I need a >> regex that matches the entire message. I don't think this is feasible with >> our widely-varied messages. We do have a well-defined phrase that starts >> every message, but I'm not sure how I would define the end of and capture >> the varied messages. >> >> I've tried NXLog outputting to the system input of GELF TCP. I suspect >> NXLog has better multiline handling, but I can't flow messages reliably >> using NXLog - I get shut down repeatedly by the string size limit error in >> nxlog.log: >> >> 2017-02-16 17:13:06 INFO connecting to 10.100.15.196:12201 >> 2017-02-16 17:13:06 INFO reconnecting in 1 seconds >> 2017-02-16 17:13:06 ERROR oversized string, limit is 1048576 bytes >> >> Is there any way for me to correct this string size limit issue using >> NXLog CE? >> >> Any other alternatives I'm not considering? Anything I'm doing obviously >> wrong, or missed? >> >> Thanks in advance! >> --ab >> >> -- > You received this message because you are subscribed to a topic in the > Google Groups "Graylog Users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/graylog2/hhVs0N5d9tQ/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/graylog2/84085e67-c94c-4a41-a045-164452b77be7%40googlegroups.com > <https://groups.google.com/d/msgid/graylog2/84085e67-c94c-4a41-a045-164452b77be7%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAAD%3DdiqqeCrJhmuDkEcNXOjwsNUeYOWs7OVzE3hagLLxH8MCLA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
