Wireshark · Display Filter Reference: Graylog Extended Log Format

Display Filter Reference: Graylog Extended Log Format

Protocol field name: gelf

Versions: 3.2.0 to 3.2.7

Back to Display Filter Reference

Field name	Description	Type	Versions
gelf.broken_compression	Can\'t unpack message	Label	3.2.0 to 3.2.7
gelf.chunk.count	Chunk count	Unsigned integer, 1 byte	3.2.0 to 3.2.7
gelf.chunk.msg_id	Message id	Sequence of bytes	3.2.0 to 3.2.7
gelf.chunk.number	Chunk number	Unsigned integer, 1 byte	3.2.0 to 3.2.7
gelf.chunked	Chunked message	Boolean	3.2.0 to 3.2.7
gelf.fragment	GELF fragment	Frame number	3.2.0 to 3.2.7
gelf.fragment.count	GELF fragment count	Unsigned integer, 4 bytes	3.2.0 to 3.2.7
gelf.fragment.error	GELF defragmentation error	Frame number	3.2.0 to 3.2.7
gelf.fragment.multiple_tails	GELF has multiple tail fragments	Boolean	3.2.0 to 3.2.7
gelf.fragment.overlap	GELF fragment overlap	Boolean	3.2.0 to 3.2.7
gelf.fragment.overlap.conflicts	GELF fragment overlapping with conflicting data	Boolean	3.2.0 to 3.2.7
gelf.fragment.too_long_fragment	GELF fragment too long	Boolean	3.2.0 to 3.2.7
gelf.fragments	GELF fragments	Label	3.2.0 to 3.2.7
gelf.invalid_header	Invalid header	Label	3.2.0 to 3.2.7
gelf.reassembled.in	Reassembled GELF in frame	Frame number	3.2.0 to 3.2.7
gelf.reassembled.length	Reassembled GELF length	Unsigned integer, 4 bytes	3.2.0 to 3.2.7
gelf.type	GELF Type	Unsigned integer, 2 bytes	3.2.0 to 3.2.7

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ AppResponse 11

• Full stack analysis – from packets to pages
• Rich performance metrics & pre-defined insights for fast problem identification/resolution
• Modular, flexible solution for deeply-analyzing network & application performance

Learn More