Graylog provides a standardized log format called the Graylog Extended Log Format (GELF). The focus of this article is on setting up a GELF output, which allows you to manually export messages from one Graylog cluster to another in JSON without additional formatting.

Warning: The GELF output does NOT use the Operations Output Framework. This output may cause logs to build up in the output buffer and block logs being written to the indexer if it is unable to send data to the configured receiver.

Set Up a New GELF Output

To set up a new GELF output, follow the relevant output documentation and select "GELF Output" as your output type.

Configure a GELF Output

Once you select a GELF output, you will be presented with default configuration options. The following options may need to be modified depending on your preferences and existing settings: 

  • Protocol: This is the protocol used to make a connection. Default is TCP but options such as TCP+TLS or UDP are also available.

  • TCP No Delay: This is the option to use Nagle's algorithm for a TCP connection. Checking this option will improve the efficiency of the TCP/IP network by reducing the number of packets that need to be sent over the network.

Secure a GELF Output

It is possible to secure a GELF output with SSL/TLS by selecting the TCP+TLS option under Protocol. The output TLS Trust Certificate Chain is optional. If you select this option, you must provide the full local path to the certificate chain file.
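Because an unreachable or untrusted receiver can back up the output buffer, it helps to confirm the TCP+TLS path before enabling the output. The following is an added example, not Graylog code: a Python preflight that validates the receiver against the trust certificate chain file and sends one null-terminated GELF 1.1 test message. The function names, the receiver hostname, port and chain path are constructed placeholders, and falling back to the system trust store when no chain file is given is an assumption of this script, not documented Graylog behavior.

```python
import json
import socket
import ssl
import time


def build_gelf_frame(host, short_message, **extra):
    """Serialize a GELF 1.1 message; GELF over TCP delimits messages with a null byte."""
    msg = {"version": "1.1", "host": host,
           "short_message": short_message, "timestamp": time.time()}
    for key, value in extra.items():
        if key == "id":
            raise ValueError("the additional field _id is reserved in GELF")
        msg["_" + key] = value  # additional fields carry an underscore prefix
    return json.dumps(msg).encode("utf-8") + b"\x00"


def make_tls_context(trust_chain_path=None):
    """Trust only the given PEM chain file, or the system store when none is given."""
    ctx = ssl.create_default_context(cafile=trust_chain_path)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx  # certificate and hostname verification stay enabled


def preflight(receiver, port, trust_chain_path=None, timeout=5.0):
    """Return (ok, detail): the negotiated TLS version on success, the error text on failure."""
    try:
        ctx = make_tls_context(trust_chain_path)  # fails on an unreadable or non-PEM file
        frame = build_gelf_frame(socket.gethostname(), "GELF output preflight", check="tls")
        with socket.create_connection((receiver, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=receiver) as tls:
                tls.sendall(frame)  # one test message reaches the receiving input
                return True, tls.version()
    except OSError as exc:  # covers refused/timeout, bad chain file, and ssl.SSLError
        return False, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    # Constructed placeholders: substitute the receiver and chain path used in the output form.
    print(preflight("graylog-receiver.example.internal", 12201,
                    "/etc/graylog/receiver-chain.pem"))
```

Run it from the Graylog node that will host the output, so the check exercises the same network path and the same local certificate chain file.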