How can I find messages in Graylog based on level (syslog severity/priority)

rsyslog graylog2
greggles picture greggles · Apr 10, 2015 · Viewed 11k times · Source

I'm storing data from Drupal into syslog into Graylog. I'd like to find all messages based on their severity (what Graylog seems to call level).

Here's a screenshot of some messages showing the "Level" field. These all happen to be Notices, but the search I entered is finding the word "Notice" in the message field, not in the Level field.

enter image description here

Answer

bjeavons picture bjeavons · Apr 10, 2015

Since the Drupal logs are going through syslog (and Drupal's watchdog severity matches RFC 5424 severity levels) the levels you're looking for are stored in graylog by their numeric ID, e.g. 0-7.

So, use search "level:5" to find messages with a severity level of notice.

I found this notation out by clicking into a Graylog message and then clicking on the level field. Clicking on a field within a message highlight will put that field into the search section where you can see the notation required.

Related questions

Confused with syslog message format

I am a bit confused about syslog message format. I have to write a program that parses syslog messages. When I read what I get in my syslog-ng instance I get messages like this: Jan 12 06:30:00 1.2.3.4 apache_server: 1.2.3.4 - - [12/Jan/2011:06:29:59 +0100] "…

Read More
How to configure syslog so that an applications log goes to a specific file

I have an application myapp which should send log files only to /var/log/myapp.log. myapp is written in C++. The following sample code, sends the logs to /var/log/syslog only. My os is Linux - Ubuntu 12.04 - …

Read More
Writing log data to syslog using log4j

I'm unable to write log messages into syslog. Any help would be great. Here is my simple log4j program import org.apache.log4j.Logger; import java.io.*; import java.sql.SQLException; import java.util.*; public class log4jExample { /* …

Read More