GELF Output

Graylog provides a standardized log format called the Graylog Extended Log Format (GELF). This article focuses on setting up a GELF output, which allows you to manually export messages from one Graylog cluster to another in JSON without additional formatting.

Warning: The GELF output does NOT use the Enterprise Output Framework. This output can cause logs to build up in the output buffer and block logs being written to the indexer if it is unable to send data to the configured receiver.

Set Up a New GELF Output

To set up a new GELF output, follow the relevant output documentation and select GELF Output as your output type.

Configure a GELF Output

When you select a GELF output, you are presented with default configuration options. The following options can be modified depending on your preferences and existing settings: 

  • Protocol: This option is the protocol used to make a connection. Default is TCP but options such as TCP+TLS or UDP are also available.

  • TCP No Delay: This option uses Nagle's algorithm for a TCP connection. Checking this option improves the efficiency of the TCP/IP network by reducing the number of packets that need to be sent over the network.

Secure a GELF Output

You can secure a GELF output with SSL/TLS by selecting the TCP+TLS option under Protocol. The output TLS Trust Certificate Chain is optional. If you select this option, you must provide the full local path to the certificate chain file.

GELF Outbound Payload Format

All outputs in the Enterprise Output Framework can format their outbound payloads in GELF before sending. This format allows users utilizing the existing GELF Output to switch over to a journaled output seamlessly by selecting the GELF Outbound Payload Format option when setting up an Enterprise output. To configure an output with GELF Outbound Payload Format, here are the steps to follow :

UDP Raw/Plaintext

  1. Navigate to System >Outputs.

  2. Select the UDP Raw/Plaintext [Enterprise] output.

  3. Click the Launch new output button to launch the configuration window.

  4. Enter a title for the output.

  5. Select GELF as the outbound payload format.

  6. Update any other field values you need to change from the default values.

  7. Click the Create output button.

TCP Raw/Plaintext

  1. Navigate to System >Outputs.

  2. Select TCP Raw/Plaintext [Enterprise] output.

  3. Click the Launch new output button to launch the configuration window.

  4. Enter a title for the output.

  5. Select GELF as the outbound payload format.

  6. Click the Enable TLS check box to use TCP+TLS connection or Enable Mutual TLS which uses a TCP+mTLS connection.

  7. Update any other field values you need to change from the default values.

  8. Click the Create output button.