Graylog2 -> Is it possible to export the full_message (raw data) of an especific source? I mean the full_message, without any parsing?

logging graylog2
user3333673 picture user3333673 · Feb 20, 2014 · Viewed 8.7k times · Source

I have some logs that graylog2 is receiving using syslog input plugin.

I need to export them in the same format that i received, without any parsing, so I can send to the application support team.

I have setted the INPUT to keep the full_massage, but i dont know, how i can get them.

I have tried to export using the Export buttom (CSV), but the output, is not on full_message.

Is that possible ?

Thanks, Bruno

Answer

simon picture simon · Jul 21, 2015

To export the 'full_message' field as a CSV file:

  • Click on 'all fields' in the sidebar; this will reveal 'full_message' as a selectable field.
  • Select 'full_message'.
  • Export as CSV, then it will be in the CSV output.

Note: The CSV will always include the timestamp column, even if you only select 'full message', but you can always import into Excel and delete that column.

This feature has been available since Graylog 1.1.0-beta.2.

Related questions

How to handle multiple heterogeneous inputs with Logstash?

Let's say you have 2 very different types of logs such as technical and business logs and you want: raw technical logs be routed towards a graylog2 server using a gelf output, json business logs be stored into an elasticsearch cluster …

Read More
What are the main differences between Graylog2 and Kibana

What are the main differences between Graylog2 and Kibana? We already use Graylog2 but I must admit I don't really like the UI. Just wonder in case it may be helpful to switch to Kibana.

Read More
Graylog2- how to config logs retention to 1 week

We are using some Graylog2 servers ( graylog-server version 1.3.4). Because we receive too much of log messages, it requires a lot of memory. I am trying to reduce the logs retention to 1 week, every log messages older than 1 week will be …

Read More