graylog-labs / graylog-contentpack-nginx

A nginx content pack for Graylog
Apache License 2.0

[Question] Does this work with only one input ? #4

Closed philicious closed 8 years ago

philicious commented 8 years ago

I have the scenario where nginx is running in a Docker container (basically everything of the platform is). It outputs the access and error logs to STDOUT and STDERR, but Docker's logging option doesn't split those streams (however, docker logs can), so they end up in one Graylog input.

Is there a way to get this to work with only one input and mixed access/error logs in there?

Or do I need to go the path of having another container that has the nginx logs as volume and logs only access to STDOUT while the nginx container logs only error logs. Then I could hook both containers up to different GELF addresses.

jalogisch commented 8 years ago

@philicious With the current extractor this is not possible.

If you switch over to pipelines, you can extract more based on conditions, and this would be possible. But at the moment this is not possible.

We have plans to include pipelines in the contentpacks if they are out of experimental.

philicious commented 8 years ago

@jalogisch Hm ye, that's what I thought. But I hoped I was wrong and missed something and it would be possible.

Anyways, I solved it already with a somewhat hackish approach: I made the logs folder a volume and have a tiny busybox container use it for continuously tailing one log, and the nginx container continuously tails the other. So I have two containers which can have two different GELF addresses (ports).

Btw, I opened a Docker issue for discussion related to this scenario: https://github.com/docker/docker/issues/25683. Being able to specify different GELF addresses for stdout/stderr might be more an idea for the GELF log driver than for logging drivers in general.
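
The condition-based extraction discussed in this thread for a single mixed input, sketched as an added example that is not part of the thread or of the content pack. It assumes nginx's default `combined` access format and default error-log prefix; the function names and sample lines are constructed for illustration.

```python
import re

# nginx default "combined" access log format, anchored at line start so that
# request text quoted inside an error line cannot be mistaken for an access entry.
ACCESS_RE = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)"')
# nginx default error log prefix: date time [level] pid#tid: message
ERROR_RE = re.compile(
    r'^(?P<time>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>[a-z]+)\] '
    r'(?P<pid>\d+)#(?P<tid>\d+): (?P<message>.*)$')

def classify(line):
    """Return (kind, fields); kind is 'access', 'error' or 'unparsed'."""
    line = line.rstrip("\n")
    m = ACCESS_RE.match(line)
    if m:
        fields = m.groupdict()
        fields["status"] = int(fields["status"])
        fields["body_bytes_sent"] = int(fields["body_bytes_sent"])
        return "access", fields
    m = ERROR_RE.match(line)
    if m:
        return "error", m.groupdict()
    # Keep unmatched lines instead of dropping them, so format drift is visible.
    return "unparsed", {"message": line}

def route(lines):
    """Split one mixed stream into per-kind lists of extracted fields."""
    out = {"access": [], "error": [], "unparsed": []}
    for line in lines:
        kind, fields = classify(line)
        out[kind].append(fields)
    return out

# Constructed sample: what a single input receives when stdout and stderr are merged.
SAMPLE = [
    '172.17.0.1 - - [12/Aug/2016:10:15:32 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"',
    '2016/08/12 10:15:33 [error] 7#7: *1 open() "/usr/share/nginx/html/favicon.ico" failed '
    '(2: No such file or directory), client: 172.17.0.1, server: localhost, '
    'request: "GET /favicon.ico HTTP/1.1", host: "localhost"',
    '172.17.0.1 - - [12/Aug/2016:10:15:33 +0000] "GET /favicon.ico HTTP/1.1" 404 169 "-" "curl/7.47.0"',
    'nginx: [warn] constructed startup message without a timestamp',
]

if __name__ == "__main__":
    for kind, items in route(SAMPLE).items():
        print(kind, len(items))
```
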