I'm sending log data from Drupal through syslog into Graylog. I'd like to find all messages based on their severity (what Graylog seems to call level).
Here's a screenshot of some messages showing the "Level" field. These all happen to be Notices, but the search I entered is finding the word "Notice" in the message field, not in the Level field.
How to Set Up Graylog as a Syslog Server. After you have Graylog installed, you need to set it up to collect the logs. Go to the System -> Inputs menu and launch a new input. Under the Select Input drop-down, pick Syslog UDP, then click the Launch new input button.
@pedrorijo91 You can use the "Syslog Severity Mapper", which you can find in the "Decorator" tab (tested with Graylog 3.1).
We are exposing the rate of internal log messages (the log messages that Graylog writes about its own process), broken down by log level. You'll get 1, 5 and 15 minute rates of TRACE, DEBUG, INFO, WARNING, ERROR and FATAL log messages.
A Graylog setup is pretty worthless without any data in it. This page explains the basic principles of getting your data into the system and also explains common fallacies. What are Graylog message inputs? Message inputs are the Graylog components responsible for accepting log messages. Several input types are available by default in Graylog.
Since the Drupal logs are going through syslog (and Drupal's watchdog severity matches the RFC 5424 severity levels), the levels you're looking for are stored in Graylog by their numeric ID, i.e. 0-7.
So, use search "level:5" to find messages with a severity level of notice.
I found this notation by clicking into a Graylog message and then clicking on the level field. Clicking on a field within a highlighted message puts that field into the search box, where you can see the notation required.
I don't know if this is going to be useful or not, but Graylog identifies level in a numeric fashion according to syslog system.
0 = Emergency
1 = Alert
2 = Critical
3 = Error
4 = Warning
5 = Notice
6 = Informational
7 = Debug
Based on that, to search for a Warning message your search in Graylog can be as simple as:
level:4
in the search bar of Graylog. You may also use a less-than expression like:
level: <=4
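As an added example (not code from either answer above, and not Graylog's own code), here is a small Python script that shows where the numeric level comes from and why the text search in the question went wrong. It parses the <PRI> header of a few syslog lines into facility and severity, which is the same arithmetic Graylog's syslog input performs to populate the level field, and then evaluates the level:5 and level: <=4 queries from the two answers against those messages next to a plain text search for "Notice". The sample lines, the host name and the tiny query parser (which only understands the level:N and level:<op>N forms used above) are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# RFC 5424 severity codes. Graylog's syslog input stores this number in the
# "level" field, which is why "level:5" finds Notice messages.
SEVERITY_NAMES: Dict[int, str] = {
    0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
    4: "Warning", 5: "Notice", 6: "Informational", 7: "Debug",
}

# Every syslog line begins with "<PRI>", where PRI = facility * 8 + severity
# (RFC 5424 section 6.2.1, RFC 3164 section 4.1.1).
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


@dataclass
class Message:
    facility: int
    level: int   # severity 0-7, the number Graylog shows as "level"
    text: str    # everything after the PRI header


def parse_syslog(line: str) -> Message:
    """Split the PRI header of a syslog line into facility and severity."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError(f"no <PRI> header in {line!r}")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI value
        raise ValueError(f"PRI {pri} out of range")
    return Message(facility=pri // 8, level=pri % 8, text=m.group(2))


# Assumed subset of Graylog search syntax, just enough for the answers above:
# level:N and level:<=N / level:<N / level:>=N / level:>N. Whitespace after the
# colon is tolerated so that "level: <=4" works as written in the answer.
QUERY_RE = re.compile(r"^level:\s*(<=|>=|<|>)?\s*([0-7])$")
_OPS: Dict[Optional[str], Callable[[int, int], bool]] = {
    None: lambda a, b: a == b,
    "<=": lambda a, b: a <= b,
    ">=": lambda a, b: a >= b,
    "<": lambda a, b: a < b,
    ">": lambda a, b: a > b,
}


def search_level(messages: List[Message], query: str) -> List[Message]:
    """Filter on the numeric level field, the way a Graylog level query does."""
    m = QUERY_RE.match(query.strip())
    if not m:
        raise ValueError(f"unsupported query {query!r}")
    op, n = m.group(1), int(m.group(2))
    return [msg for msg in messages if _OPS[op](msg.level, n)]


def search_text(messages: List[Message], word: str) -> List[Message]:
    """A bare word in the search bar is a full-text match on the message body."""
    return [msg for msg in messages if word.lower() in msg.text.lower()]


# Constructed sample input: four syslog lines as a Drupal host might emit them
# on facility local0 (16). PRI 133 = 16*8 + 5 (Notice), 131 = Error,
# 132 = Warning, 134 = Informational. Host name and texts are made up.
SAMPLE_LINES = [
    "<133>Jun  1 12:00:01 web1 drupal: user login succeeded for uid 42",
    "<131>Jun  1 12:00:02 web1 drupal: database error while sending notice e-mail",
    "<132>Jun  1 12:00:03 web1 drupal: Notice: undefined index in node.module",
    "<134>Jun  1 12:00:04 web1 drupal: cron run completed",
]


def demo() -> Dict[str, List[int]]:
    """Return the levels matched by each kind of search over the sample lines."""
    msgs = [parse_syslog(line) for line in SAMPLE_LINES]
    return {
        "text Notice": [m.level for m in search_text(msgs, "Notice")],
        "level:5": [m.level for m in search_level(msgs, "level:5")],
        "level: <=4": [m.level for m in search_level(msgs, "level: <=4")],
    }


if __name__ == "__main__":
    for query, levels in demo().items():
        print(f"{query!r:14} -> {[SEVERITY_NAMES[l] for l in levels]}")
```

Running it shows the trap from the question directly: the text search for "Notice" returns the Error and Warning messages whose bodies happen to contain the word, and misses the one message whose syslog severity actually is Notice, while level:5 returns exactly that message and level: <=4 returns everything at Warning or more severe.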