Open danieljamesscott opened 8 years ago
gyger
commented
7 years ago The problem is, that the GELF library (https://github.com/Graylog2/gelf-rb/blob/master/lib/gelf/notifier.rb), has default values set for facility (without underscore). If this value is not set, it is set by the library and then the facility is wrong in graylog2.
danielfarrelltelit
commented
9 months ago Confirming that this is still broken, nothing seems to have changed on this. In our environment we have an application that logs to Graylog directly and Graylog honors the facility that is designated by the application, but when the application logs through logstash with the gelf output, the facility is not honored as shown here.
It does not seem hands-tied impossible to fix this, as other applications can seem to log the facility to graylog without issue. I can provide additional information if it would be considered helpful.
What is the recommended replacement for sending the facility, given that the 'facility' field is deprecated?
I see references to 'additional' fields, and 'custom' fields, are these the same thing?
I posted a more detailed question on the logstash forum, but haven't had any replies:
https://discuss.elastic.co/t/configuring-dynamic-facility-with-gelf-output-plugin/28043