Wireshark · Display Filter Reference: Graylog Extended Log Format

Display Filter Reference: Graylog Extended Log Format

Protocol field name: gelf

Versions: 3.2.0 to 4.2.4

Field name	Description	Type	Versions
gelf.broken_compression	Can't unpack message	Label	3.2.0 to 4.2.4
gelf.chunk.count	Chunk count	Unsigned integer (8 bits)	3.2.0 to 4.2.4
gelf.chunk.msg_id	Message id	Byte sequence	3.2.0 to 4.2.4
gelf.chunk.number	Chunk number	Unsigned integer (8 bits)	3.2.0 to 4.2.4
gelf.chunked	Chunked message	Boolean	3.2.0 to 4.2.4
gelf.fragment	GELF fragment	Frame number	3.2.0 to 4.2.4
gelf.fragment.count	GELF fragment count	Unsigned integer (32 bits)	3.2.0 to 4.2.4
gelf.fragment.error	GELF defragmentation error	Frame number	3.2.0 to 4.2.4
gelf.fragment.multiple_tails	GELF has multiple tail fragments	Boolean	3.2.0 to 4.2.4
gelf.fragment.overlap	GELF fragment overlap	Boolean	3.2.0 to 4.2.4
gelf.fragment.overlap.conflicts	GELF fragment overlapping with conflicting data	Boolean	3.2.0 to 4.2.4
gelf.fragment.too_long_fragment	GELF fragment too long	Boolean	3.2.0 to 4.2.4
gelf.fragments	GELF fragments	Label	3.2.0 to 4.2.4
gelf.invalid_header	Invalid header	Label	3.2.0 to 4.2.4
gelf.reassembled.in	Reassembled GELF in frame	Frame number	3.2.0 to 4.2.4
gelf.reassembled.length	Reassembled GELF length	Unsigned integer (32 bits)	3.2.0 to 4.2.4
gelf.type	GELF Type	Unsigned integer (16 bits)	3.2.0 to 4.2.4