Graylog: How to resolve the issue

This documentation is part of the Data mapping issues guide. View the full guide here: How to solve Graylog index data mapping problems.

👋 Welcome to the Stackhero documentation!

Stackhero offers a ready-to-use Graylog cloud solution that provides a host of benefits, including:

  • Unlimited and dedicated SMTP email server included.
  • Effortless updates with just a click.
  • Customizable domain name secured with HTTPS (for example, https://logs.your-company.com).
  • Optimal performance and robust security powered by a private and dedicated VM.

Save time and simplify your life: it only takes 5 minutes to try Stackhero's Graylog cloud hosting solution!

To resolve this issue, you have 2 options:

The ideal solution is to standardize the data types used for fields across all systems sending data to Graylog. For example, ensure that the "level" field is always sent as either a string (like "error", "warn", etc.) or always as a number (3, 4, etc.). This consistency prevents mapping conflicts and ensures all documents are ingested correctly.

If standardizing data types across all systems is not feasible, you can use Graylog's pipelines to convert data types upon receipt. Pipelines allow you to define rules that transform data based on specific conditions.

To implement this solution:

  • Navigate to "System" > "Pipelines" in the Graylog web interface.
  • Click "Add new pipeline" to create a new pipeline.
  • Define rules to convert the "level" field (or other fields) to the desired data type. For example, you can convert numeric levels to their corresponding string representations (like 3 to "error", 4 to "warning", etc.).

This approach ensures that all incoming data conforms to the expected data types, preventing mapping conflicts.