Display Filter Reference: Graylog Extended Log Format
Protocol field name: gelf
Versions: 3.2.0 to 4.0.0
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| gelf.broken_compression | Can't unpack message | Label | 3.2.0 to 4.0.0 |
| gelf.chunk.count | Chunk count | Unsigned integer (1 byte) | 3.2.0 to 4.0.0 |
| gelf.chunk.msg_id | Message id | Byte sequence | 3.2.0 to 4.0.0 |
| gelf.chunk.number | Chunk number | Unsigned integer (1 byte) | 3.2.0 to 4.0.0 |
| gelf.chunked | Chunked message | Boolean | 3.2.0 to 4.0.0 |
| gelf.fragment | GELF fragment | Frame number | 3.2.0 to 4.0.0 |
| gelf.fragment.count | GELF fragment count | Unsigned integer (4 bytes) | 3.2.0 to 4.0.0 |
| gelf.fragment.error | GELF defragmentation error | Frame number | 3.2.0 to 4.0.0 |
| gelf.fragment.multiple_tails | GELF has multiple tail fragments | Boolean | 3.2.0 to 4.0.0 |
| gelf.fragment.overlap | GELF fragment overlap | Boolean | 3.2.0 to 4.0.0 |
| gelf.fragment.overlap.conflicts | GELF fragment overlapping with conflicting data | Boolean | 3.2.0 to 4.0.0 |
| gelf.fragment.too_long_fragment | GELF fragment too long | Boolean | 3.2.0 to 4.0.0 |
| gelf.fragments | GELF fragments | Label | 3.2.0 to 4.0.0 |
| gelf.invalid_header | Invalid header | Label | 3.2.0 to 4.0.0 |
| gelf.reassembled.in | Reassembled GELF in frame | Frame number | 3.2.0 to 4.0.0 |
| gelf.reassembled.length | Reassembled GELF length | Unsigned integer (4 bytes) | 3.2.0 to 4.0.0 |
| gelf.type | GELF Type | Unsigned integer (2 bytes) | 3.2.0 to 4.0.0 |