Graylog2 -> Is it possible to export the full_message (raw data) of an especific source? I mean the full_message, without any parsing?

Question

I have some logs that graylog2 is receiving using syslog input plugin.

I need to export them in the same format that i received, without any parsing, so I can send to the application support team.

I have setted the INPUT to keep the full_massage, but i dont know, how i can get them.

I have tried to export using the Export buttom (CSV), but the output, is not on full_message.

Is that possible ?

Thanks, Bruno

Answer 1

To export the 'full_message' field as a CSV file:

• Click on 'all fields' in the sidebar; this will reveal 'full_message' as a selectable field.
• Select 'full_message'.
• Export as CSV, then it will be in the CSV output.

Note: The CSV will always include the timestamp column, even if you only select 'full message', but you can always import into Excel and delete that column.

This feature has been available since Graylog 1.1.0-beta.2.

Answer 2

You could use the Graylog2 REST APIs to get any search result or single message as JSON. That JSON will include the raw message.