8

I have some logs that graylog2 is receiving using the syslog input plugin.

I need to export them in the same format that I received them, without any parsing, so I can send them to the application support team.

I have set the INPUT to keep the full_message, but I don't know how I can get them.

I have tried to export using the Export button (CSV), but the output is not the full_message.

Is that possible?

Thanks, Bruno

user3333673

3 Answers

8

To export the 'full_message' field as a CSV file:

  • Click on 'all fields' in the sidebar; this will reveal 'full_message' as a selectable field.
  • Select 'full_message'.
  • Export as CSV, then it will be in the CSV output.

Note: The CSV will always include the timestamp column, even if you only select 'full message', but you can always import into Excel and delete that column.

This feature has been available since Graylog 1.1.0-beta.2.

sleske
simon
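The spreadsheet step in the answer above can also be scripted. This is an added example, not part of the original answer: it reads the exported CSV with Python's csv module, so commas and quotes inside a syslog line survive, and keeps only the full_message values. The sample export and its header names are constructed assumptions.

```python
import csv
import io

# Constructed sample of a CSV export with 'full_message' selected.
# The header names are an assumption based on the field names in the answer.
SAMPLE_EXPORT = (
    '"timestamp","full_message"\n'
    '"2015-05-11T14:28:00.000Z","<34>May 11 14:28:00 app01 sshd[411]: Failed password for root, port 22"\n'
    '"2015-05-11T14:28:01.000Z","<13>May 11 14:28:01 app01 app: user=""bob"" action=login"\n'
    '"2015-05-11T14:28:02.000Z",""\n'
)


def extract_full_messages(csv_text, field="full_message"):
    """Return the raw messages from an exported CSV, in file order."""
    # newline="" lets the csv module handle line breaks inside quoted fields.
    reader = csv.DictReader(io.StringIO(csv_text, newline=""))
    if reader.fieldnames is None or field not in reader.fieldnames:
        raise ValueError(f"column {field!r} not in export: {reader.fieldnames}")
    messages = []
    for row in reader:
        raw = row[field]
        if raw:  # skip rows where no full_message was stored
            messages.append(raw)
    return messages


def write_raw_log(csv_text, out_path):
    """Write one raw message per line and return how many were written."""
    messages = extract_full_messages(csv_text)
    with open(out_path, "w", encoding="utf-8", newline="\n") as out:
        for msg in messages:
            out.write(msg.rstrip("\r\n") + "\n")
    return len(messages)


if __name__ == "__main__":
    for line in extract_full_messages(SAMPLE_EXPORT):
        print(line)
```

The timestamp column is dropped and the syslog priority prefix, embedded commas and quotes are written out unchanged.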
2

You could use the Graylog2 REST APIs to get any search result or single message as JSON. That JSON will include the raw message.

Lennart Koopmann
  • See [Searching for Gray Log 2 API or a way to query ElasticSearch](http://stackoverflow.com/questions/15812470/searching-for-gray-log-2-api-or-a-way-to-query-elasticsearch) for more information on the REST API. – sleske May 11 '15 at 14:28
0

Graylog becomes unresponsive when I click "all fields".

My work-around is to modify the ReST call (in the address bar). I change ...fields=message... to be ...fields=full_message..., and hit enter to rerun the call. This reloads the page, and you can then export the csv file as normal, and it now includes the full_message field.

D3VON