index.html

<!DOCTYPE html>
<html lang="en-US">
<head>
	<style type="text/css">.ttfm1{font-family: 'dual300';font-size:em;line-height:em;color:;}  .ttfm2{font-family: 'Roboto';font-size:em;line-height:3em;color:;}</style>	<!--[if lt IE 9]>
	<script src="../../../../wp/wp-content/themes/rise/js/html5/dist/html5shiv.js"></script>
	<script src="//css3-mediaqueries-js.googlecode.com/svn/trunk/css3-mediaqueries.js"></script>
	<![endif]-->
	<!--[if IE 8]>
	<link rel="stylesheet" type="text/css" href="../../../../wp/wp-content/themes/rise/css/ie8.css"/>
	<![endif]-->
	<!--[if IE 7]>
	<link rel="stylesheet" type="text/css" href="../../../../wp/wp-content/themes/rise/css/ie7.css"/>
	<![endif]-->
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta charset="UTF-8">
	
			<meta name="google-site-verification" content="ovwnX0ej2kps4UuJ9NOzNjJcLOQD8JPDLNhe-hMYTMk">	
		<meta name="robots" content="index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1">

	<!-- This site is optimized with the Yoast SEO plugin v16.4 - https://yoast.com/wordpress/plugins/seo/ -->
	<title>StackStorm Centralized Logging with Graylog - StackStorm</title>
	<link rel="canonical" href="./index.html">
	<meta property="og:locale" content="en_US">
	<meta property="og:type" content="article">
	<meta property="og:title" content="StackStorm Centralized Logging with Graylog - StackStorm">
	<meta property="og:description" content="August 22, 2017 By Nick Maludy of Encore Technologies Want to implement centralized logging for your StackStorm deployment? Read on to find out how to send your StackStorm logs to Graylog, and produce pretty dashboards like this: Background: Centralised Logging and StackStorm One of the pillars of modern application deployments is aggregating its logs in&hellip;">
	<meta property="og:url" content="/2017/08/22/stackstorm-centralized-logging-graylog/">
	<meta property="og:site_name" content="StackStorm">
	<meta property="article:published_time" content="2017-08-22T23:45:41+00:00">
	<meta property="article:modified_time" content="2017-08-23T16:01:14+00:00">
	<meta property="og:image" content="../../../../wp/wp-content/uploads/2017/08/dashboard.png">
	<meta name="twitter:label1" content="Written by">
	<meta name="twitter:data1" content="st2admin">
	<meta name="twitter:label2" content="Est. reading time">
	<meta name="twitter:data2" content="11 minutes">
	<script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"/#organization","name":"StackStorm","url":"/","sameAs":[],"logo":{"@type":"ImageObject","@id":"/#logo","inLanguage":"en-US","url":"../../../../wp/wp-content/uploads/2014/10/stackstorm-logo-header.png","contentUrl":"../../../../wp/wp-content/uploads/2014/10/stackstorm-logo-header.png","width":228,"height":59,"caption":"StackStorm"},"image":{"@id":"/#logo"}},{"@type":"WebSite","@id":"/#website","url":"/","name":"StackStorm","description":"Event-driven automation","publisher":{"@id":"/#organization"},"potentialAction":[{"@type":"SearchAction","target":"/?s={search_term_string}","query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"/2017/08/22/stackstorm-centralized-logging-graylog/#primaryimage","inLanguage":"en-US","url":"../../../../wp/wp-content/uploads/2017/08/dashboard.png","contentUrl":"../../../../wp/wp-content/uploads/2017/08/dashboard.png","width":975,"height":481},{"@type":"WebPage","@id":"/2017/08/22/stackstorm-centralized-logging-graylog/#webpage","url":"/2017/08/22/stackstorm-centralized-logging-graylog/","name":"StackStorm Centralized Logging with Graylog - StackStorm","isPartOf":{"@id":"/#website"},"primaryImageOfPage":{"@id":"/2017/08/22/stackstorm-centralized-logging-graylog/#primaryimage"},"datePublished":"2017-08-22T23:45:41+00:00","dateModified":"2017-08-23T16:01:14+00:00","breadcrumb":{"@id":"/2017/08/22/stackstorm-centralized-logging-graylog/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["/2017/08/22/stackstorm-centralized-logging-graylog/"]}]},{"@type":"BreadcrumbList","@id":"/2017/08/22/stackstorm-centralized-logging-graylog/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"item":{"@type":"WebPage","@id":"/","url":"/","name":"Home"}},{"@type":"ListItem","position":2,"item":{"@type":"WebPage","@id":"/blog/","url":"/blog/","name":"Blog"}},{"@type":"ListItem","position":3,"item":{"@id":"/2017/08/22/stackstorm-centralized-logging-graylog/#webpage"}}]},{"@type":"Article","@id":"/2017/08/22/stackstorm-centralized-logging-graylog/#article","isPartOf":{"@id":"/2017/08/22/stackstorm-centralized-logging-graylog/#webpage"},"author":{"@id":"/#/schema/person/d2242d1dc5b3b5652be4c9175eb18000"},"headline":"StackStorm Centralized Logging with Graylog","datePublished":"2017-08-22T23:45:41+00:00","dateModified":"2017-08-23T16:01:14+00:00","mainEntityOfPage":{"@id":"/2017/08/22/stackstorm-centralized-logging-graylog/#webpage"},"wordCount":1406,"commentCount":0,"publisher":{"@id":"/#organization"},"image":{"@id":"/2017/08/22/stackstorm-centralized-logging-graylog/#primaryimage"},"thumbnailUrl":"../../../../wp/wp-content/uploads/2017/08/dashboard.png","keywords":["Community","integrations","tutorial"],"articleSection":["Blog","Community","Tutorials"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["/2017/08/22/stackstorm-centralized-logging-graylog/#respond"]}]},{"@type":"Person","@id":"/#/schema/person/d2242d1dc5b3b5652be4c9175eb18000","name":"st2admin","image":{"@type":"ImageObject","@id":"/#personlogo","inLanguage":"en-US","url":"https://secure.gravatar.com/avatar/67f6d678610d4b8a7b9a7e95a065695f?s=96&d=mm&r=g","contentUrl":"https://secure.gravatar.com/avatar/67f6d678610d4b8a7b9a7e95a065695f?s=96&d=mm&r=g","caption":"st2admin"},"url":"/author/support/"}]}</script>
	<!-- / Yoast SEO plugin. -->


<link rel="dns-prefetch" href="//s.w.org">
<link rel="alternate" type="application/rss+xml" title="StackStorm &raquo; StackStorm Centralized Logging with Graylog Comments Feed" href="/2017/08/22/stackstorm-centralized-logging-graylog/feed/">
		<script type="text/javascript">
			window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/13.0.1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/13.0.1\/svg\/","svgExt":".svg","source":{"concatemoji":"\/wp\/wp-includes\/js\/wp-emoji-release.min.js?ver=09e48cfb58fec140b4ee0c6d1d4da1b2"}};
			!function(e,a,t){var n,r,o,i=a.createElement("canvas"),p=i.getContext&&i.getContext("2d");function s(e,t){var a=String.fromCharCode;p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,e),0,0);e=i.toDataURL();return p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,t),0,0),e===i.toDataURL()}function c(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(o=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},r=0;r<o.length;r++)t.supports[o[r]]=function(e){if(!p||!p.fillText)return!1;switch(p.textBaseline="top",p.font="600 32px Arial",e){case"flag":return s([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])?!1:!s([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!s([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]);case"emoji":return!s([55357,56424,8205,55356,57212],[55357,56424,8203,55356,57212])}return!1}(o[r]),t.supports.everything=t.supports.everything&&t.supports[o[r]],"flag"!==o[r]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[o[r]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(n=t.source||{}).concatemoji?c(n.concatemoji):n.wpemoji&&n.twemoji&&(c(n.twemoji),c(n.wpemoji)))}(window,document,window._wpemojiSettings);
		</script>
		<style type="text/css">img.wp-smiley,
img.emoji {
	display: inline !important;
	border: none !important;
	box-shadow: none !important;
	height: 1em !important;
	width: 1em !important;
	margin: 0 .07em !important;
	vertical-align: -0.1em !important;
	background: none !important;
	padding: 0 !important;
}</style>
	<link rel="stylesheet" id="dashicons-css" href="../../../../wp/wp-includes/css/dashicons.min.css?ver=09e48cfb58fec140b4ee0c6d1d4da1b2" type="text/css" media="all">
<link rel="stylesheet" id="menu-icons-extra-css" href="../../../../wp/wp-content/plugins/menu-icons/css/extra.min.css?ver=0.12.8" type="text/css" media="all">
<link rel="stylesheet" id="wp-block-library-css" href="../../../../wp/wp-includes/css/dist/block-library/style.min.css?ver=09e48cfb58fec140b4ee0c6d1d4da1b2" type="text/css" media="all">
<link rel="stylesheet" id="cookie-law-info-css" href="../../../../wp/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.3" type="text/css" media="all">
<link rel="stylesheet" id="cookie-law-info-gdpr-css" href="../../../../wp/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.3" type="text/css" media="all">
<link rel="stylesheet" id="testimonial-rotator-style-css" href="../../../../wp/wp-content/plugins/testimonial-rotator/testimonial-rotator-style.css?ver=09e48cfb58fec140b4ee0c6d1d4da1b2" type="text/css" media="all">
<link rel="stylesheet" id="font-awesome-css" href="../../../../wp/wp-content/plugins/menu-icons/vendor/codeinwp/icon-picker/css/types/font-awesome.min.css?ver=4.7.0" type="text/css" media="all">
<link rel="stylesheet" id="rise-style-css" href="../../../../wp/wp-content/themes/stackstorm/style.css?ver=09e48cfb58fec140b4ee0c6d1d4da1b2" type="text/css" media="all">
<link rel="stylesheet" id="thrive-reset-css" href="../../../../wp/wp-content/themes/rise/css/reset.css?v=1.101.1" type="text/css" media="all">
<link rel="stylesheet" id="thrive-main-style-css" href="../../../../wp/wp-content/themes/rise/css/main_blue.css?v=1.101.1" type="text/css" media="all">
<link rel="stylesheet" id="enlighterjs-css" href="../../../../wp/wp-content/plugins/enlighter/cache/enlighterjs.min.css?ver=c8vUwCl5jS8Iu00" type="text/css" media="all">
<script type="text/javascript" src="../../../../wp/wp-includes/js/jquery/jquery.min.js?v=1.101.1" id="jquery-core-js"></script>
<script type="text/javascript" src="../../../../wp/wp-includes/js/jquery/jquery-migrate.min.js?v=1.101.1" id="jquery-migrate-js"></script>
<script type="text/javascript" id="cookie-law-info-js-extra">
/* <![CDATA[ */
var Cli_Data = {"nn_cookie_ids":[],"cookielist":[],"non_necessary_cookies":[],"ccpaEnabled":"","ccpaRegionBased":"","ccpaBarEnabled":"","strictlyEnabled":["necessary","obligatoire"],"ccpaType":"gdpr","js_blocking":"","custom_integration":"","triggerDomRefresh":"","secure_cookies":""};
var cli_cookiebar_settings = {"animate_speed_hide":"500","animate_speed_show":"500","background":"#384353","border":"#b1a6a6c2","border_on":"","button_1_button_colour":"#384353","button_1_button_hover":"#2d3642","button_1_link_colour":"#fff","button_1_as_button":"","button_1_new_win":"","button_2_button_colour":"#333","button_2_button_hover":"#292929","button_2_link_colour":"#00a5bf","button_2_as_button":"","button_2_hidebar":"1","button_3_button_colour":"#000","button_3_button_hover":"#000000","button_3_link_colour":"#fff","button_3_as_button":"1","button_3_new_win":"","button_4_button_colour":"#000","button_4_button_hover":"#000000","button_4_link_colour":"#fff","button_4_as_button":"1","button_7_button_colour":"#61a229","button_7_button_hover":"#4e8221","button_7_link_colour":"#fff","button_7_as_button":"1","button_7_new_win":"","font_family":"inherit","header_fix":"","notify_animate_hide":"1","notify_animate_show":"","notify_div_id":"#cookie-law-info-bar","notify_position_horizontal":"right","notify_position_vertical":"bottom","scroll_close":"","scroll_close_reload":"","accept_close_reload":"","reject_close_reload":"","showagain_tab":"1","showagain_background":"#fff","showagain_border":"#000","showagain_div_id":"#cookie-law-info-again","showagain_x_position":"100px","text":"#b7b7b7","show_once_yn":"","show_once":"10000","logging_on":"","as_popup":"","popup_overlay":"1","bar_heading_text":"","cookie_bar_as":"banner","popup_showagain_position":"bottom-right","widget_position":"left"};
var log_object = {"ajax_url":"\/wp\/wp-admin\/admin-ajax.php"};
/* ]]> */
</script>
<script type="text/javascript" src="../../../../wp/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.3" id="cookie-law-info-js"></script>
<script type="text/javascript" src="../../../../wp/wp-content/plugins/testimonial-rotator/js/jquery.cycletwo.js?v=1.101.1" id="cycletwo-js"></script>
<script type="text/javascript" src="../../../../wp/wp-content/plugins/testimonial-rotator/js/jquery.cycletwo.addons.js?v=1.101.1" id="cycletwo-addons-js"></script>
<script type="text/javascript" src="../../../../wp/wp-content/plugins/easy-logo-slider/js/jquery.jcarousel.min.js?v=1.101.1" id="jquery_jcarousel_min-js"></script>
<script type="text/javascript" src="../../../../wp/wp-content/plugins/easy-logo-slider/js/jcarousel.responsive.js?ver=09e48cfb58fec140b4ee0c6d1d4da1b2" id="jcarousel_responsive-js"></script>
<link rel="https://api.w.org/" href="/wp-json/">
<link rel="alternate" type="application/json" href="/wp-json../../../../wp/v2/posts/6981">
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="../../../../wp/xmlrpc.php?rsd">
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="../../../../wp/wp-includes/wlwmanifest.xml"> 

<link rel="shortlink" href="/?p=6981">
<link rel="alternate" type="application/json+oembed" href="/wp-json/oembed/1.0/embed?url=https%3A%2F%2F%2F2017%2F08%2F22%2Fstackstorm-centralized-logging-graylog%2F">
<link rel="alternate" type="text/xml+oembed" href="/wp-json/oembed/1.0/embed?url=https%3A%2F%2F%2F2017%2F08%2F22%2Fstackstorm-centralized-logging-graylog%2F&#038;format=xml">
<style type="text/css">:not(#tve) .ttfm1{font-family: 'dual300' !important;font-weight: 400 !important;}.ttfm1 input, .ttfm1 select, .ttfm1 textarea, .ttfm1 button {font-family: 'dual300' !important;font-weight: 400 !important;}:not(#tve) .ttfm2{font-family: 'Roboto' !important;font-weight: 400 !important;}.ttfm2 input, .ttfm2 select, .ttfm2 textarea, .ttfm2 button {font-family: 'Roboto' !important;font-weight: 400 !important;}:not(#tve) .ttfm2.bold_text,.ttfm2 .bold_text,.ttfm2 b,.ttfm2 strong{font-weight: 500 !important;}.ttfm2.bold_text,.ttfm2 .bold_text,.ttfm2 b,.ttfm2 strong input, .ttfm2.bold_text,.ttfm2 .bold_text,.ttfm2 b,.ttfm2 strong select, .ttfm2.bold_text,.ttfm2 .bold_text,.ttfm2 b,.ttfm2 strong textarea, .ttfm2.bold_text,.ttfm2 .bold_text,.ttfm2 b,.ttfm2 strong button {font-weight: 500 !important;}</style>
<style type="text/css" id="tve_global_variables">:root{--tcb-gradient-0:linear-gradient(180deg, #ff712c 0%, #000000 100%);}</style>		<style type="text/css">.wp-video-shortcode {
				max-width: 100% !important;
			}

			.bSe a {
				clear: right;
			}

			.bSe blockquote {
				clear: both;
			}
			body { background:#FFF; }.cnt article h1.entry-title a { color:#333; }.cnt article h2.entry-title a { color:#333; }.bSe h1, h1.entry-title, h1.entry-title a { color:#333; }.bSe h2 { color:#464545; }.bSe h3 { color:#333; }.bSe h4 { color:#333; }.bSe h5 { color:#333; }.bSe h6 { color:#333; }.bSe p, .mry .awr-e p { color:#666; }.cnt .bSe { color:#666; }.cnt h1 a, .tve-woocommerce .bSe .awr .entry-title, .tve-woocommerce .bSe .awr .page-title{font-family:Roboto,sans-serif;}.bSe h1{font-family:Roboto,sans-serif;}.bSe h2,.tve-woocommerce .bSe h2{font-family:Roboto,sans-serif;}.bSe h3,.tve-woocommerce .bSe h3{font-family:Roboto,sans-serif;}.bSe h4{font-family:Roboto,sans-serif;}.bSe h5{font-family:Roboto,sans-serif;}.bSe h6{font-family:Roboto,sans-serif;}#text_logo{font-family:Roboto,sans-serif;}.cnt h1 a { font-weight:500; }.bSe h1 { font-weight:500; }.bSe h2 { font-weight:500; }.bSe h3 { font-weight:500; }.bSe h4 { font-weight:500; }.bSe h5 { font-weight:500; }.bSe h6 { font-weight:500; }.cnt{font-family:Roboto,sans-serif;font-weight:300;}article strong {font-weight: bold;}.cnt p, .tve-woocommerce .product p, .tve-woocommerce .products p, .brd ul li, header nav ul li a, header nav ul li > ul li a, .has-extended.has-heading .colch, footer, footer .fmm p, .aut-f{font-family:Roboto,sans-serif;font-weight:300;}article strong {font-weight: bold;}.bSe h1, .bSe .entry-title { font-size:46px; }.cnt { font-size:18px; }.thrivecb { font-size:18px; }.out { font-size:18px; }.aut p { font-size:18px; }.cnt p { line-height:1.5em; }.thrivecb { line-height:1.5em; }.bSe a, .cnt a { color:#24447b; }.bSe .faq h4{font-family:Roboto,sans-serif;font-weight:300;}article strong {font-weight: bold;}header nav > ul.menu > li > a { color:#fff; }header nav > ul.menu > li >  a:hover { color:#fff; }header nav > ul > li.current_page_item > a:hover { color:#fff; }header nav > ul > li.current_menu_item > a:hover { color:#fff; }header nav > ul > li.current_menu_item > a:hover { color:#fff; }header nav > ul > li > a:active { color:#fff; }header #logo > a > img { max-width:200px; }header ul.menu > li.h-cta > a { color:#FFFFFF!important; }header ul.menu > li.h-cta > a { background:#4b7cc7; }header ul.menu > li.h-cta > a { border-color:#4b7cc7; }header ul.menu > li.h-cta > a:hover { color:#4b7cc7!important; }header ul.menu > li.h-cta > a:hover { background:#transparent; }</style>
		<style type="text/css">span.oe_textdirection { unicode-bidi: bidi-override; direction: rtl; }
	span.oe_displaynone { display: none; }</style>
<style type="text/css" id="thrive-default-styles">@media (min-width: 300px) { .tcb-style-wrap blockquote {color:rgb(102, 102, 102);background-color:rgba(0, 0, 0, 0);font-family:Roboto, sans-serif;font-size:18px;font-weight:300;font-style:normal;margin:;padding-top:0px;padding-bottom:0px;text-decoration:rgb(102, 102, 102);text-transform:none;border-left:;--tcb-applied-color:;} }</style>
<link rel="icon" href="../../../../wp/wp-content/uploads/2015/09/st2.png" sizes="32x32">
<link rel="icon" href="../../../../wp/wp-content/uploads/2015/09/st2.png" sizes="192x192">
<link rel="apple-touch-icon" href="../../../../wp/wp-content/uploads/2015/09/st2.png">
<meta name="msapplication-TileImage" content="../../../../wp/wp-content/uploads/2015/09/st2.png">
		<style type="text/css" id="wp-custom-css">/*
You can add your own CSS here.

Click the help icon above to learn more.
*/

.bSe ul:not([class]) {
margin-left: 20px;
margin-bottom: 15px;
}

.bSe ul:not([class]) li {
    padding-left: 0;
    margin-bottom: 5px;
    position: relative;
}

/* StackStorm "Donate" button */
li#menu-item-9062 a {
    display: inline-flex;
    justify-content: center;
    align-items: center;
    background-color: #418cc5;
    border: 3px solid #418cc5;
    color: #fff !important;
    text-decoration: none;
    height: 30px;
    border-radius: 20px;
    padding: 0 12px;
    font-weight: 400;
    transition: all .25s ease-in-out;
}
li#menu-item-9062 a:hover {
    color: #333 !important;
}
li#menu-item-9062 a:before {
    top: 0;
}</style>
					<style type="text/css">/* ***blog*** */

pre code {
        overflow: scroll !important;
	white-space: pre !important;
	font-size: 11px
}

header.side nav>ul>li {
    padding: 15px !important;
}

.cnt {
    margin-top: 50px !important;
}

.cnt a.customHref{
    color: #f82 !important;
}

.bSe ul li:before {
    content: '' !important;
    position: absolute;
    left: 0;
    top: -2px;
}

.bSe ul {
    list-style-type: disc !important;
}

.bSe table tbody tr{
    border-top-width:0px !important;
}

code {
    font-size: 0.9em !important;
}

pre{
    font-family: Monaco, MonacoRegular, monospace !important;
    font-size: 14px !important;
    background-color: rgb(250,253,255) !important;
    padding: 0px 3px 0px 3px !important;
    white-space: pre !important;
}

.bSe h1, .bSe .entry-title {
    line-height: 1.2;
    font-size: 40px;
}

.bSe h2 {
    font-weight: 300;
}

.bSe h2, .tve-woocommerce .bSe h2 {
    font-family: "Roboto",sans-serif;
}

.cnt p, .tve-woocommerce .product p, .tve-woocommerce .products p {
    font-family: Roboto,sans-serif;
    font-weight: 300;
}

p {
    margin-bottom: 15px;
}


header.fbh {
    height: 49px;
}
header #logo>a>img {
    max-width: 150px;
}

.gist .blob-code .blob-code-inner .js-file-line  {
    white-space: pre !important;
}</style>
		
</head>
<body class="post-template-default single single-post postid-6981 single-format-standard">


<!-- BEGIN LF Header --> 	<div id="lf-header" style="padding-bottom: 3px; padding-top: 3px;background: #252525;"> 		<div class="container wrp"> 			<a href="https://linuxfoundation.org/projects" target="_blank" rel="noopener noreferrer"> 				<img src="../../../../wp/wp-content/themes/stackstorm/images/logo_lf_projects_horizontal.png" style="max-width: 270px;"> 			</a> 		</div> 	</div> 	<!-- END LF Header -->

<div class="theme-wrapper">
	
	
	
	
	<div class="fln">
		<div class="wrp clearfix">
												<a class="fl-l" href="../../../../index.html">
						<img src="../../../../wp/wp-content/uploads/2016/10/StackStorm-logo228.png" alt="StackStorm">
					</a>
										<div class="fl-s clearfix">
																<ul>
																													</ul>
			</div>
		</div>
	</div>


	<div class="header-wrapper h-bi">
		<div id="floating_menu" data-float="float" data-social="0">
			<header class="side" style="">
								<div class="h-i">
					<div class="wrp">
														<div id="logo">
									<a href="../../../../index.html">
										<img src="../../../../wp/wp-content/uploads/2016/10/StackStorm-logo228.png" alt="StackStorm"></a>
								</div>
																					<div class="m-s">
								<div class="hsm"></div>
								<div class="m-si">
																												<nav class="menu-stackstorm-refresh-container"><ul id="menu-stackstorm-refresh" class="menu">
<li id="menu-item-5952" class="menu-item menu-item-type-custom menu-item-object-custom toplvl"><a href="../../../../features/index.html">Features</a></li>
<li id="menu-item-6100" class="menu-item menu-item-type-custom menu-item-object-custom toplvl"><a href="../../../../index.html#community">Community</a></li>
<li id="menu-item-4207" class="menu-item menu-item-type-custom menu-item-object-custom toplvl"><a target="_blank" href="http://docs.stackstorm.com/">Docs</a></li>
<li id="menu-item-8701" class="menu-item menu-item-type-custom menu-item-object-custom toplvl"><a href="https://exchange.stackstorm.org/">Exchange</a></li>
<li id="menu-item-2277" class="menu-item menu-item-type-custom menu-item-object-custom toplvl"><a href="../../../../blog/index.html">Blog</a></li>
<li id="menu-item-9062" class="menu-item menu-item-type-post_type menu-item-object-page toplvl"><a href="../../../../donate/index.html">Donate</a></li>
</ul></nav>										<!-- Cart Dropdown -->
									
																	</div>
							</div>
						
					</div>
				</div>

			</header>
		</div>
	</div>

	
	
	
	
			
		
		<div class="wrp cnt">


			<section class="bSe bpd">
				
<div class="awr">

	
	
	
				<h1 class="entry-title">StackStorm Centralized Logging with Graylog</h1>
		
	
	
		<div class="awr-i">
		<p><strong>August 22, 2017</strong><br>
<em>By Nick Maludy of <a href="http://www.encore.tech/">Encore Technologies</a></em></p>
<p>Want to implement centralized logging for your StackStorm deployment? Read on to find out how to send your StackStorm logs to Graylog, and produce pretty dashboards like this:</p>
<p><a href="../../../../wp/wp-content/uploads/2017/08/dashboard.png"><img loading="lazy" src="../../../../wp/wp-content/uploads/2017/08/dashboard.png" alt="" width="975" height="481" class="aligncenter size-full wp-image-6989" srcset="../../../../wp/wp-content/uploads/2017/08/dashboard.png 975w, ../../../../wp/wp-content/uploads/2017/08/dashboard-150x74.png 150w, ../../../../wp/wp-content/uploads/2017/08/dashboard-300x148.png 300w, ../../../../wp/wp-content/uploads/2017/08/dashboard-768x379.png 768w, ../../../../wp/wp-content/uploads/2017/08/dashboard-80x39.png 80w, ../../../../wp/wp-content/uploads/2017/08/dashboard-220x109.png 220w, ../../../../wp/wp-content/uploads/2017/08/dashboard-203x100.png 203w, ../../../../wp/wp-content/uploads/2017/08/dashboard-280x138.png 280w, ../../../../wp/wp-content/uploads/2017/08/dashboard-482x238.png 482w, ../../../../wp/wp-content/uploads/2017/08/dashboard-750x370.png 750w" sizes="(max-width: 975px) 100vw, 975px"></a></p>
<p><span id="more-6981"></span></p>
<h2>Background: Centralised Logging and StackStorm</h2>
<p>One of the pillars of modern application deployments is aggregating its logs in a centralized logging application such as ELK stack, Splunk or Graylog. Centralized logging allows engineers to format, index and query logs from across their stack and distributed applications and be able to access them in a single pane of glass. StackStorm is a distributed application with multiple services that can benefit greatly from centralized logging aggregation. In this blog post, we&#8217;ll investigate how to configure StackStorm to output structured logs, setup and configure Fluentd to ship these logs, and finally configure Graylog to receive, index and query the logs.</p>
<h2>Structured Logging</h2>
<p>Structured logging is a fancy term for writing log output from an application in JSON format. When logs are output in JSON this gives context for all of the information contained in each log message. This context allows log shippers to save precious CPU cycles by not having to parse out this information from plain text logs. It also allows centralized logging applications to effectively index the logs and provide it with multiple fields with which to query.</p>
<p>To demonstrate the difference between plain text logs and structured logs we&#8217;ll take an example from <code>st2api</code>. Below is an example of a standard log message that is written to <code>/var/log/st2/st2api.log</code>:</p>
<pre><code class="shell">2017-08-19 11:16:38,767 83927760 INFO mixins [-] Connected to amqp://guest:**@127.0.0.1:5672//
</code></pre>
<p>As you can see this has some information such as the timestamp, log level, and several other fields. If we were to try to utilize this in some meaningful way a parser would need to be written to extract the data fields. If the log message was instead written in a standard format (JSON) we could easily parse it and quickly make meaningful use of the fields within the message. Below is the structured logging message that corresponds to the plain text log from above.</p>
<pre><code class="json">{"version": "1.1", "level": 6, "timestamp": 1503174203, "_python": {"name": "kombu.mixins", "process": 76071, "module": "mixins", "funcName": "Consumer", "processName": "MainProcess", "lineno": 231, "filename": "mixins.py"}, "host": "stackstorm.domain.tld", "full_message": "Connected to amqp://guest:**@127.0.0.1:5672//", "short_message": "Connected to %s"}
</code></pre>
<p>This is great, but kind of hard to read. Below is the same log message formatted in a way that&#8217;s easier to read.</p>
<pre><code class="json">{
  "version": "1.1",
  "level": 6,
  "timestamp": 1503174203,
  "_python": {
    "name": "kombu.mixins",
    "process": 76071,
    "module": "mixins",
    "funcName": "Consumer",
    "processName": "MainProcess",
    "lineno": 231,
    "filename": "mixins.py"
  },
  "host": "stackstorm.domain.tld",
  "full_message": "Connected to amqp://guest:**@127.0.0.1:5672//",
  "short_message": "Connected to %s"
}
</code></pre>
<p>This output is in GELF (Graylog Extended Logging Format) JSON format. GELF log messages are nothing more than JSON with a few standard fields in the payload. The GELF payload specification can be found <a href="http://docs.graylog.org/en/2.3/pages/gelf.html#gelf-payload-specification">here</a>. GELF also defines two wire protocol formats, GELF UDP and GELF TCP that detail how GELF JSON log messages can be sent to Graylog.</p>
<h2>Log Shippers</h2>
<p>A log shipper is an application that reads in log messages from some source, usually a log file, potentially transforms the message and then transmits it to some destination, usually a log aggregation or centralized logging application. There are several commonly used log shippers out there including <a href="https://www.fluentd.org/">Fluentd</a>, <a href="https://www.elastic.co/products/logstash">Logstash</a>, and <a href="https://www.elastic.co/products/beats/filebeat">Filebeat</a>.</p>
<p>In this article we&#8217;re going to be using Fluentd because it was the easiest one to configure for parsing GELF JSON and shipping to Graylog.</p>
<h2>Architecture</h2>
<p>The setup detailed in this blog post will adhere to the following architecture:</p>
<p><a href="../../../../wp/wp-content/uploads/2017/08/pipeline.png"><img loading="lazy" src="../../../../wp/wp-content/uploads/2017/08/pipeline.png" alt="" width="403" height="647" class="aligncenter size-full wp-image-6990" srcset="../../../../wp/wp-content/uploads/2017/08/pipeline.png 403w, ../../../../wp/wp-content/uploads/2017/08/pipeline-93x150.png 93w, ../../../../wp/wp-content/uploads/2017/08/pipeline-187x300.png 187w, ../../../../wp/wp-content/uploads/2017/08/pipeline-50x80.png 50w, ../../../../wp/wp-content/uploads/2017/08/pipeline-137x220.png 137w, ../../../../wp/wp-content/uploads/2017/08/pipeline-62x100.png 62w, ../../../../wp/wp-content/uploads/2017/08/pipeline-148x238.png 148w, ../../../../wp/wp-content/uploads/2017/08/pipeline-258x415.png 258w, ../../../../wp/wp-content/uploads/2017/08/pipeline-303x487.png 303w, ../../../../wp/wp-content/uploads/2017/08/pipeline-371x595.png 371w" sizes="(max-width: 403px) 100vw, 403px"></a></p>
<p>First, StackStorm uses the Python <code>logging</code> module to write logs to <code>/var/log/st2/*.log</code> in GELF JSON format. The log shipper Fluentd monitors those log files for changes, reads in any new messages, converts them into GELF UDP format and sends that to Graylog. Finally, Graylog receives GELF UDP and indexes the log messages.</p>
<h2>Configuring StackStorm Logging</h2>
<p>StackStorm uses Python&#8217;s builtin <code>logging</code> module for application level logging. In this module there are two key concepts: <code>formatters</code> and <code>handlers</code>.</p>
<p>A <code>formatter</code> takes a log function call in python code and translates that into a string of text.</p>
<p><em>Python Logging Call</em></p>
<pre><code class="python">server = stackstorm.domain.tld
LOG.debug("Connecting to server %s".format(server))
</code></pre>
<p><em>Log String</em></p>
<pre><code class="text">2017-08-19 11:16:38,767 DEBUG [-] Connecting to server stackstorm.domain.tld
</code></pre>
<p><code>handlers</code> take the log message strings and writes it to some destination. The builtin <code>handlers</code> can write to a file, syslog, UDP, TCP and more.</p>
<p>StackStorm logging configuration files are written in the <code>logging</code> module&#8217;s <a href="https://docs.python.org/2/library/logging.config.html#configuration-file-format">configuration file format</a>. To configure StackStorm to write structured logs we&#8217;ll be editing the logging config file stored in <code>/etc/st2/logging.&lt;component&gt;.conf</code>. StackStorm ships with a formatter <code>st2common.logging.formatters.GelfLogFormatter</code> that emits structured logs in GELF format. Luckily StackStorm AUDIT logs utilize the <code>GelfLogFormatter</code> so there is a reference already defined that we can reuse. All we need to do is add another <code>handler</code> to each config that writes the GELF logs to a new file. We can define a new log handler by adding the following to every logging config:</p>
<pre><code class="ini"><br># For all components except actionrunner
[handler_gelfHandler]
class=handlers.RotatingFileHandler
level=DEBUG
formatter=gelfFormatter
args=("/var/log/st2/st2&lt;component&gt;.gelf.log",)

# For actionrunner only (needs a different handler classs)
[handler_gelfHandler]
class=st2common.log.FormatNamedFileHandler
level=INFO
formatter=gelfFormatter
args=("/var/log/st2/st2actionrunner.{pid}.gelf.log",)

</code></pre>
<p>Now that we have a new handler defined we need to tell the logger about it. To accomplish this we&#8217;ll need to add <code>gelfHandler</code> to the following sections:</p>
<pre><code class="ini">[handlers]
# add ', gelfHandler' the end of the following line
keys=consoleHandler, fileHandler, auditHandler, gelfHandler

[logger_root]
level=INFO
# add ', gelfHandler' the end of the following line
handlers=consoleHandler, fileHandler, auditHandler, gelfHandler
</code></pre>
<p>StackStorm should now be configured to write structured logs to <code>/var/log/st2/st2&lt;component&gt;.gelf.log</code>. In order for these changes to be realized we need to restart the StackStorm services. This can be accomplished by either restarting all StackStorm processes:</p>
<pre><code class="shell">st2ctl restart
</code></pre>
<p>Or we can restart just the components we&#8217;ve modified</p>
<pre><code class="shell">systemctl restart st2&lt;component&gt;
</code></pre>
<p>This is a good time to check <code>/var/log/st2/st2&lt;component&gt;.gelf.log</code> and make sure logs are present.</p>
<p>Astute readers may be asking &#8220;if the builtin logging facility provides a UDP handler, why not use it to send logs directly to Graylog?&#8221;. The answer is fairly simple, the <code>DatagramHandler</code> which writes log strings to UDP does NOT format the messages in GELF UDP format. GELF UDP requires a special header at the beginning of every packet. To accommodate this we&#8217;ll be using Fluentd in the next section to send the log message in GELF UDP format to Graylog.</p>
<h2>Configuring the Log Shipper Fluentd</h2>
<p>We&#8217;re going to use Fluentd to read from <code>/var/log/st2/st2&lt;component&gt;.gelf.log</code> and transform the log messages into GELF UDP format, then send those UDP packets to Graylog.</p>
<p>First we need to install Fluentd v0.14.</p>
<blockquote><p>
  <strong>Note</strong> Fluentd v0.14 is required if you would like sub-second resolution on your logging timestamps. In Fluentd v0.12 timestamps are rounded to 1-second resolution. This causes the messages in graylog to potentially be viewed out-of-order because Graylog doesn&#8217;t know which message came first within a 1-second interval.
</p></blockquote>
<p>Below are instructions for installation on RHEL 7, for all other platforms please follow the official documentation <a href="https://docs.fluentd.org/v0.14/categories/installation">here</a>.</p>
<blockquote><p>
  <strong>Note</strong> Fluentd is the name of the log shipping application and it is written by a company called Treasure Data (td). The agent installed on your machine is called <code>td-agent</code> and it wraps Fluentd in a service file that&#8217;s specific to your platform.
</p></blockquote>
<pre><code class="shell"># add GPG key
rpm --import https://packages.treasuredata.com/GPG-KEY-td-agent

# add treasure data repository to yum
cat &gt;/etc/yum.repos.d/td.repo &lt;&lt;'EOF'
[treasuredata]
name=TreasureData
baseurl=http://packages.treasuredata.com/3/redhat/\$releasever/\$basearch
gpgcheck=1
gpgkey=https://packages.treasuredata.com/GPG-KEY-td-agent
EOF

# update your sources
yum check-update

# install the toolbelt
yum install -y td-agent

# start service
systemctl start td-agent
systemctl enable td-agent
</code></pre>
<p>After installation we need to install a Fluentd plugin that implements GELF UDP output formatting.</p>
<pre><code class="shell">/usr/sbin/td-agent-gem install fluent-plugin-gelf-hs
</code></pre>
<p>Next we need to configure Fluentd to tail the new StackStorm log files we configured in the previous section. The default location for the Fluentd config file is <code>/etc/td-agent/td-agent.conf</code>:</p>
<pre><code class="shell">export GRAYLOG_SERVER=graylog.domain.tld
export GRAYLOG_GELF_UDP_PORT=12202
cat &gt;&gt; /etc/td-agent/td-agent.conf &lt;&lt; EOF
&lt;source&gt;
  type tail
  format json
  path /var/log/st2/st2actionrunner*.gelf.log
  tag st2actionrunner
  pos_file /var/run/td-agent/st2actionrunner.gelf.log.pos
  enable_watch_timer false
  estimate_current_event true
&lt;/source&gt;

&lt;source&gt;
  type tail
  format json
  path /var/log/st2/st2api.gelf.log
  tag st2api
  pos_file /var/run/td-agent/st2api.gelf.log.pos
  enable_watch_timer false
  estimate_current_event true
&lt;/source&gt;

&lt;source&gt;
  type tail
  format json
  path /var/log/st2/st2auth.gelf.log
  tag st2auth
  pos_file /var/run/td-agent/st2auth.gelf.log.pos
  enable_watch_timer false
  estimate_current_event true
&lt;/source&gt;

&lt;source&gt;
  type tail
  format json
  path /var/log/st2/st2garbagecollector.gelf.log
  tag st2garbagecollector
  pos_file /var/run/td-agent/st2garbagecollector.gelf.log.pos
  enable_watch_timer false
  estimate_current_event true
&lt;/source&gt;

&lt;source&gt;
  type tail
  format json
  path /var/log/st2/st2notifier.gelf.log
  tag st2notifier
  pos_file /var/run/td-agent/st2notifier.gelf.log.pos
  enable_watch_timer false
  estimate_current_event true
&lt;/source&gt;

&lt;source&gt;
  type tail
  format json
  path /var/log/st2/st2resultstracker.gelf.log
  tag st2resultstracker
  pos_file /var/run/td-agent/st2resultstracker.gelf.log.pos
  enable_watch_timer false
  estimate_current_event true
&lt;/source&gt;

&lt;source&gt;
  type tail
  format json
  path /var/log/st2/st2rulesengine.gelf.log
  tag st2rulesengine
  pos_file /var/run/td-agent/st2rulesengine.gelf.log.pos
  enable_watch_timer false
  estimate_current_event true
&lt;/source&gt;

&lt;source&gt;
  type tail
  format json
  path /var/log/st2/st2sensorcontainer.gelf.log
  tag st2sensorcontainer
  pos_file /var/run/td-agent/st2sensorcontainer.gelf.log.pos
  enable_watch_timer false
  estimate_current_event true
&lt;/source&gt;

&lt;source&gt;
  type tail
  format json
  path /var/log/st2/st2stream.gelf.log
  tag st2stream
  pos_file /var/run/td-agent/st2stream.gelf.log.pos
  enable_watch_timer false
  estimate_current_event true
&lt;/source&gt;

&lt;match st2**&gt;
  type gelf 
  host $GRAYLOG_SERVER
  port $GRAYLOG_GELF_UDP_PORT
  protocol udp
  flush_interval 5s
  estimate_current_event true
&lt;/match&gt;
EOF
</code></pre>
<blockquote>
<p>
  <strong>Note</strong> <code>estimate_current_event true</code> is used in the config file because the timestamps emitted by StackStorm are rounded to 1-second resolutions. This is fixed in PR <a href="https://github.com/StackStorm/st2/pull/3662">#3662</a> where a new field <code>timestamp_f</code> is added to the GELF logging output. This PR has been merged and should be available in StackStorm <code>v2.4</code>. In these versions you can replace <code>estimate_current_event true</code> with:</p>
<pre><code class="shell">time_key timestamp_f
keep_time_key true
</code></pre>
</blockquote>
<p>Finally we need to restart Fluentd so that the config file changes are realized:</p>
<pre><code class="shell">systemctl restart td-agent
</code></pre>
<p>Fluentd should now be sending log messages to Graylog, however Graylog is not listening.</p>
<h2>Configuring Graylog</h2>
<p>To configure Graylog to receive GELF UDP messages we need to add a new <code>Input</code>. In the Graylog WebUI navigate to System &gt; Inputs:</p>
<p><a href="../../../../wp/wp-content/uploads/2017/08/inputs.png"><img loading="lazy" src="../../../../wp/wp-content/uploads/2017/08/inputs.png" alt="" width="600" height="405" class="aligncenter wp-image-6991" srcset="../../../../wp/wp-content/uploads/2017/08/inputs.png 975w, ../../../../wp/wp-content/uploads/2017/08/inputs-150x101.png 150w, ../../../../wp/wp-content/uploads/2017/08/inputs-300x202.png 300w, ../../../../wp/wp-content/uploads/2017/08/inputs-768x518.png 768w, ../../../../wp/wp-content/uploads/2017/08/inputs-80x54.png 80w, ../../../../wp/wp-content/uploads/2017/08/inputs-220x148.png 220w, ../../../../wp/wp-content/uploads/2017/08/inputs-148x100.png 148w, ../../../../wp/wp-content/uploads/2017/08/inputs-222x150.png 222w, ../../../../wp/wp-content/uploads/2017/08/inputs-353x238.png 353w, ../../../../wp/wp-content/uploads/2017/08/inputs-615x415.png 615w, ../../../../wp/wp-content/uploads/2017/08/inputs-722x487.png 722w, ../../../../wp/wp-content/uploads/2017/08/inputs-882x595.png 882w" sizes="(max-width: 600px) 100vw, 600px"></a></p>
<p>To add a new input click the dropdown <code>Select a new input type:</code> and select <code>GELF UDP</code> then press the button <code>Launch new Input</code>.</p>
<p><a href="../../../../wp/wp-content/uploads/2017/08/configure_input.png"><img loading="lazy" src="../../../../wp/wp-content/uploads/2017/08/configure_input.png" alt="" width="600" height="338" class="aligncenter wp-image-6992" srcset="../../../../wp/wp-content/uploads/2017/08/configure_input.png 975w, ../../../../wp/wp-content/uploads/2017/08/configure_input-150x85.png 150w, ../../../../wp/wp-content/uploads/2017/08/configure_input-300x169.png 300w, ../../../../wp/wp-content/uploads/2017/08/configure_input-768x433.png 768w, ../../../../wp/wp-content/uploads/2017/08/configure_input-80x45.png 80w, ../../../../wp/wp-content/uploads/2017/08/configure_input-220x124.png 220w, ../../../../wp/wp-content/uploads/2017/08/configure_input-177x100.png 177w, ../../../../wp/wp-content/uploads/2017/08/configure_input-266x150.png 266w, ../../../../wp/wp-content/uploads/2017/08/configure_input-422x238.png 422w, ../../../../wp/wp-content/uploads/2017/08/configure_input-736x415.png 736w, ../../../../wp/wp-content/uploads/2017/08/configure_input-863x487.png 863w" sizes="(max-width: 600px) 100vw, 600px"></a></p>
<p>In the new input dialog configure it with the following settings:</p>
<ul>
<li>Global = Yes</li>
<li>Name = GELF UDP</li>
<li>Port = 12202</li>
</ul>
<p>Leave all other settings as defaults, and click <strong>Save</strong>.</p>
<p><a href="../../../../wp/wp-content/uploads/2017/08/input_options.png"><img loading="lazy" src="../../../../wp/wp-content/uploads/2017/08/input_options.png" alt="" width="500" height="638" class="aligncenter wp-image-6993" srcset="../../../../wp/wp-content/uploads/2017/08/input_options.png 975w, ../../../../wp/wp-content/uploads/2017/08/input_options-118x150.png 118w, ../../../../wp/wp-content/uploads/2017/08/input_options-235x300.png 235w, ../../../../wp/wp-content/uploads/2017/08/input_options-768x980.png 768w, ../../../../wp/wp-content/uploads/2017/08/input_options-803x1024.png 803w, ../../../../wp/wp-content/uploads/2017/08/input_options-63x80.png 63w, ../../../../wp/wp-content/uploads/2017/08/input_options-172x220.png 172w, ../../../../wp/wp-content/uploads/2017/08/input_options-78x100.png 78w, ../../../../wp/wp-content/uploads/2017/08/input_options-187x238.png 187w, ../../../../wp/wp-content/uploads/2017/08/input_options-325x415.png 325w, ../../../../wp/wp-content/uploads/2017/08/input_options-382x487.png 382w, ../../../../wp/wp-content/uploads/2017/08/input_options-466x595.png 466w" sizes="(max-width: 500px) 100vw, 500px"></a></p>
<p>Why did we choose port 12202? Graylog, by default, logs its internal logs to udp/12201 so we need to choose a different port to differentiate the inputs. Graylog should now be receiving log messages from StackStorm.</p>
<p><a href="../../../../wp/wp-content/uploads/2017/08/log_search.png"><img loading="lazy" src="../../../../wp/wp-content/uploads/2017/08/log_search.png" alt="" width="975" height="494" class="aligncenter size-full wp-image-6994" srcset="../../../../wp/wp-content/uploads/2017/08/log_search.png 975w, ../../../../wp/wp-content/uploads/2017/08/log_search-150x76.png 150w, ../../../../wp/wp-content/uploads/2017/08/log_search-300x152.png 300w, ../../../../wp/wp-content/uploads/2017/08/log_search-768x389.png 768w, ../../../../wp/wp-content/uploads/2017/08/log_search-80x41.png 80w, ../../../../wp/wp-content/uploads/2017/08/log_search-220x111.png 220w, ../../../../wp/wp-content/uploads/2017/08/log_search-197x100.png 197w, ../../../../wp/wp-content/uploads/2017/08/log_search-280x142.png 280w, ../../../../wp/wp-content/uploads/2017/08/log_search-470x238.png 470w, ../../../../wp/wp-content/uploads/2017/08/log_search-750x380.png 750w, ../../../../wp/wp-content/uploads/2017/08/log_search-961x487.png 961w" sizes="(max-width: 975px) 100vw, 975px"></a></p>
<p>If you’re not seeing any messages flowing in you can always run an action <code>st2 run</code> or restart a service <code>systemctl restart st2api</code> and this should force logs to be written.</p>
<h2>Conclusion</h2>
<p>We’ve introduced you to structured logging and log shippers, then walked you through the configuration and setup of utilizing these technologies to stream StackStorm logs into the centralized logging application Graylog. Now that we have StackStorm logs into Graylog, what can we do with them? In a future blog post I’ll walk you through creating a dashboard that will provide insight and visualization of your StackStorm deployment.</p>
<h2>About The Author</h2>
<p>Nick Maludy is the DevOps Manager at <a href="http://www.encore.tech/">Encore Technologies</a>, a company out of Cincinnati Ohio that specializes in Datacenters, Cloud and Managed Services, Professional Services and Hardware Sales. Nick works in the Cloud and Managed Services organization that is focused on providing customers with tailored IT solutions to accelerate their business through automation and modernization.</p>	</div>
	<div class="clear"></div>
	
	
	
				<div class="pnav">
			<a class="pav left" href="../../../../2017/07/31/july-exchange-update/index.html">
				<span>Previous Post</span>
				<span>July Exchange Update</span>
			</a>
			<a class="pav right" href="../../../../2017/08/24/whats-stackstorm-2-4-already/index.html">
				<span>Next Post</span>
				<span>What&#8217;s This? StackStorm 2.4 Already?</span>
			</a>
		</div>
	</div>

	
<div id="disqus_thread"></div>
			</section>


		</div>
		<div class="clear"></div>
	

<div class="footer-wrapper">
<footer>
				<div class="fmw">
			<div class="wrp">
									<div class="colm oth ">
						<section id="text-7" class="col"><div class="scn">			<div class="textwidget">
<p><a href="http://docs.stackstorm.com/" target="_blank" rel="noopener">Documentation</a><br>
<a href="https://github.com/StackStorm" target="_blank" rel="noopener">GitHub</a><br>
<a href="../../../../index.html#community" target="_blank" rel="noopener">Community</a><br>
<a href="../../../../security/index.html" target="_blank" rel="noopener">Security</a></p>
</div>
		</div></section>					</div>
									<div class="colm oth ">
						<section id="text-8" class="col"><div class="scn">			<div class="textwidget">
<p><a href="../../../../blog/index.html">Blog</a><br>
<a href="https://www.youtube.com/channel/UCColc5CuBJ8-1SnALnkDz8Q">Video Gallery</a><br>
<a href="../../../../privacy-policy/index.html">Privacy Policy</a></p>
</div>
		</div></section>					</div>
									<div class="colm oth lst">
						<section id="text-9" class="col"><div class="scn">			<div class="textwidget">
<div style="line-height:1.7em;">
<a href="../../../../contact/index.html">Contact</a><br>

<div class="ic-social">
<a href="https://www.facebook.com/stackstormdevops" target="_blank" rel="noopener"><i class="fa fa-facebook-square"></i></a>
<a href="https://twitter.com/StackStorm" target="_blank" rel="noopener"><i class="fa fa-twitter-square"></i></a>
<a href="https://www.linkedin.com/company/stackstorm" target="_blank" rel="noopener"><i class="fa fa-linkedin-square"></i></a>
<a href="https://github.com/StackStorm" target="_blank" rel="noopener"><i class="fa fa-github-square"></i></a>
<a href="https://www.youtube.com/channel/UCColc5CuBJ8-1SnALnkDz8Q" target="_blank" rel="noopener"><i class="fa fa-youtube-square"></i></a>
</div>
</div>
<style type="text/css">.tve-leads-track-ribbon-46 {
  top: 70px !important;
}
.tve-leads-track-ribbon-46 #tve_four_set {
  font-family: 'Open Sans', Helvetica, Arial, Lucida, sans-serif;
}
.tve-leads-track-ribbon-46 #tve_four_set .thrv-ribbon {
border-top: 1px solid #ddd;
    box-shadow: 0px 4px 3px -4px rgba(0,0,0,0.75);
    padding-bottom: 0px !important;
    padding-top: 0px !important;
    border-right: none;
    border-left: none;
}
.tve-leads-track-ribbon-46 .bold_text {
  font-weight: normal;
}
.tve-leads-track-ribbon-46 #tve_four_set .tve-ribbon-close {
height: 30px;
    border-color: white;
    color: white;
    font-family: sans-serif;
    border-width: 2px;
    top: 50%;
    margin-top: -15px;
    font-size: 18px;
    font-weight: 800;
}</style>
</div>
		</div></section>					</div>
								<div class="clear"></div>
			</div>
		</div>
		<div class="fmm">
		<div class="wrp">
			<div class="ft-m">
							</div>
		</div>
		<div class="wrp">
			<div class="ft-c">
				<p>
											© 2021 StackStorm a Series of LF Projects, LLC. All rights reserved. For web site terms of use, trademark policy and other project policies please see <a href="https://lfprojects.org/">https://lfprojects.org/</a>. 
<br>For a list of trademarks of The Linux Foundation, please see our <a href="https://www.linuxfoundation.org/trademark-usage">Trademark Usage</a> page. Linux is a registered trademark of Linus Torvalds.  <a href="https://www.linuxfoundation.org/privacy">Privacy Policy</a> and <a href="https://www.linuxfoundation.org/terms">Terms of Use</a>.														</p>
			</div>
			<div class="ft-s">
												<ul>
																																		</ul>
			</div>
		</div>
		<div class="clear"></div>
	</div>
	</footer>
</div>


<!--googleoff: all--><div id="cookie-law-info-bar" data-nosnippet="true"><span>We use cookies for traffic analytics and ad and content personalization. By clicking on any of the content or interacting with any section of this website,<br>you are agreeing to this use of cookies in the manner described in our <a href="../../../../privacy-policy/index.html" id="CONSTANT_OPEN_URL" target="_blank" class="cli-plugin-main-link" style="display:inline-block;">Privacy Policy</a> <a role="button" tabindex="0" data-cli_action="accept" id="cookie_action_close_header" class="cli-plugin-main-button cookie_action_close_header cli_action_button" style="display:inline-block; ">close [x]</a></span></div>
<div id="cookie-law-info-again" style="display:none;" data-nosnippet="true"><span id="cookie_hdr_showagain">Privacy & Cookies Policy</span></div>
<div class="cli-modal" data-nosnippet="true" id="cliSettingsPopup" tabindex="-1" role="dialog" aria-labelledby="cliSettingsPopup" aria-hidden="true">
  <div class="cli-modal-dialog" role="document">
	<div class="cli-modal-content cli-bar-popup">
	  	<button type="button" class="cli-modal-close" id="cliModalClose">
			<svg class="" viewbox="0 0 24 24"><path d="M19 6.41l-1.41-1.41-5.59 5.59-5.59-5.59-1.41 1.41 5.59 5.59-5.59 5.59 1.41 1.41 5.59-5.59 5.59 5.59 1.41-1.41-5.59-5.59z"></path><path d="M0 0h24v24h-24z" fill="none"></path></svg>
			<span class="wt-cli-sr-only">Close</span>
	  	</button>
	  	<div class="cli-modal-body">
			<div class="cli-container-fluid cli-tab-container">
	<div class="cli-row">
		<div class="cli-col-12 cli-align-items-stretch cli-px-0">
			<div class="cli-privacy-overview">
				<h4>Privacy Overview</h4>				<div class="cli-privacy-content">
					<div class="cli-privacy-content-text">This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.</div>
				</div>
				<a class="cli-privacy-readmore" aria-label="Show more" tabindex="0" role="button" data-readmore-text="Show more" data-readless-text="Show less"></a>			</div>
		</div>
		<div class="cli-col-12 cli-align-items-stretch cli-px-0 cli-tab-section-container">
												<div class="cli-tab-section">
						<div class="cli-tab-header">
							<a role="button" tabindex="0" class="cli-nav-link cli-settings-mobile" data-target="necessary" data-toggle="cli-toggle-tab">
								Necessary							</a>
							<div class="wt-cli-necessary-checkbox">
                        <input type="checkbox" class="cli-user-preference-checkbox" id="wt-cli-checkbox-necessary" data-id="checkbox-necessary" checked>
                        <label class="form-check-label" for="wt-cli-checkbox-necessary">Necessary</label>
                    </div>
                    <span class="cli-necessary-caption">Always Enabled</span> 						</div>
						<div class="cli-tab-content">
							<div class="cli-tab-pane cli-fade" data-id="necessary">
								<p>Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.</p>
							</div>
						</div>
					</div>
																	<div class="cli-tab-section">
						<div class="cli-tab-header">
							<a role="button" tabindex="0" class="cli-nav-link cli-settings-mobile" data-target="non-necessary" data-toggle="cli-toggle-tab">
								Non-necessary							</a>
							<div class="cli-switch">
                        <input type="checkbox" id="wt-cli-checkbox-non-necessary" class="cli-user-preference-checkbox" data-id="checkbox-non-necessary" checked>
                        <label for="wt-cli-checkbox-non-necessary" class="cli-slider" data-cli-enable="Enabled" data-cli-disable="Disabled"><span class="wt-cli-sr-only">Non-necessary</span></label>
                    </div>						</div>
						<div class="cli-tab-content">
							<div class="cli-tab-pane cli-fade" data-id="non-necessary">
								<p>Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.</p>
							</div>
						</div>
					</div>
										</div>
	</div>
</div>
	  	</div>
	  	<div class="cli-modal-footer">
			<div class="wt-cli-element cli-container-fluid cli-tab-container">
				<div class="cli-row">
					<div class="cli-col-12 cli-align-items-stretch cli-px-0">
						<div class="cli-tab-footer wt-cli-privacy-overview-actions">
						
															<a id="wt-cli-privacy-save-btn" role="button" tabindex="0" data-cli-action="accept" class="wt-cli-privacy-btn cli_setting_save_button wt-cli-privacy-accept-btn cli-btn">SAVE & ACCEPT</a>
													</div>
						
					</div>
				</div>
			</div>
		</div>
	</div>
  </div>
</div>
<div class="cli-modal-backdrop cli-fade cli-settings-overlay"></div>
<div class="cli-modal-backdrop cli-fade cli-popupbar-overlay"></div>
<!--googleon: all--><script type="text/javascript">/**
 * Displays toast message from storage, it is used when the user is redirected after login
 */
if ( window.sessionStorage ) {
	window.addEventListener( 'load', function () {
		var message = sessionStorage.getItem( 'tcb_toast_message' );

		if ( message ) {
			tcbToast( sessionStorage.getItem( 'tcb_toast_message' ), false );
			sessionStorage.removeItem( 'tcb_toast_message' );
		}
	} );
}

/**
 * Displays toast message
 */
function tcbToast( message, error, callback ) {
	/* Also allow "message" objects */
	if ( typeof message !== 'string' ) {
		message = message.message || message.error || message.success;
	}
	if ( ! error ) {
		error = false;
	}

	let _icon = 'checkmark',
		_extra_class = '';
	if ( error ) {
		_icon = 'cross';
		_extra_class = ' tve-toast-error';
	}

	jQuery( 'body' ).slideDown( 'fast', function () {
		jQuery( 'body' ).prepend( '<div class="tvd-toast tve-fe-message"><div class="tve-toast-message"><div class="tve-toast-icon-container' + _extra_class + '"><span class="tve_tick thrv-svg-icon"><svg xmlns="http://www.w3.org/2000/svg" class="tcb-checkmark" style="width: 100%; height: 1em; stroke-width: 0; fill: #ffffff; stroke: #ffffff;" viewBox="0 0 32 32"><path d="M27 4l-15 15-7-7-5 5 12 12 20-20z"><\/path><\/svg><\/span><\/div><div class="tve-toast-message-container">' + message + '<\/div><\/div><\/div>' );
	} );

	setTimeout( function () {
		jQuery( '.tvd-toast' ).hide();

		if ( typeof callback === 'function' ) {
			callback();
		}

	}, 3000 );
}
</script><link rel="stylesheet" id="jcarouselresponsive-css" href="../../../../wp/wp-content/plugins/easy-logo-slider/css/jcarouselresponsive.css?ver=09e48cfb58fec140b4ee0c6d1d4da1b2" type="text/css" media="all">
<link rel="stylesheet" id="style-admin-css" href="../../../../wp/wp-content/plugins/easy-logo-slider/css/style-admin.css?ver=09e48cfb58fec140b4ee0c6d1d4da1b2" type="text/css" media="all">
<script type="text/javascript" id="disqus_count-js-extra">
/* <![CDATA[ */
var countVars = {"disqusShortname":"stackstorm"};
/* ]]> */
</script>
<script type="text/javascript" src="../../../../wp/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.22" id="disqus_count-js"></script>
<script type="text/javascript" id="disqus_embed-js-extra">
/* <![CDATA[ */
var embedVars = {"disqusConfig":{"integration":"wordpress 3.0.22"},"disqusIdentifier":"6981 \/?p=6981","disqusShortname":"stackstorm","disqusTitle":"StackStorm Centralized Logging with Graylog","disqusUrl":"\/2017\/08\/22\/stackstorm-centralized-logging-graylog\/","postId":"6981"};
/* ]]> */
</script>
<script type="text/javascript" src="../../../../wp/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.22" id="disqus_embed-js"></script>
<script type="text/javascript" id="thrive-main-script-js-extra">
/* <![CDATA[ */
var ThriveApp = {"ajax_url":"\/wp\/wp-admin\/admin-ajax.php","is_singular":"1","post_type":"post","lazy_load_comments":"0","comments_loaded":"0","theme_uri":"\/wp\/wp-content\/themes\/rise","translations":{"ProductDetails":"Product Details"}};
/* ]]> */
</script>
<script type="text/javascript" src="../../../../wp/wp-content/themes/rise/js/script.js?v=1.101.1" id="thrive-main-script-js"></script>
<script type="text/javascript" id="tve-dash-frontend-js-extra">
/* <![CDATA[ */
var tve_dash_front = {"ajaxurl":"\/wp\/wp-admin\/admin-ajax.php","force_ajax_send":"","is_crawler":"1","recaptcha":[]};
/* ]]> */
</script>
<script type="text/javascript" src="../../../../wp/wp-content/themes/rise/thrive-dashboard/js/dist/frontend.min.js?ver=2.4.0.1" id="tve-dash-frontend-js"></script>
<script type="text/javascript" src="../../../../wp/wp-content/plugins/enlighter/cache/enlighterjs.min.js?ver=c8vUwCl5jS8Iu00" id="enlighterjs-js"></script>
<script type="text/javascript" id="enlighterjs-js-after">
!function(e,n){if("undefined"!=typeof EnlighterJS){var o={"selectors":{"block":"pre.EnlighterJSRAW","inline":"code.EnlighterJSRAW"},"options":{"indent":2,"ampersandCleanup":true,"linehover":true,"rawcodeDbclick":false,"textOverflow":"break","linenumbers":false,"theme":"beyond","language":"python","retainCssClasses":false,"collapse":false,"toolbarOuter":"","toolbarTop":"{BTN_RAW}{BTN_COPY}{BTN_WINDOW}{BTN_WEBSITE}","toolbarBottom":""}};(e.EnlighterJSINIT=function(){EnlighterJS.init(o.selectors.block,o.selectors.inline,o.options)})()}else{(n&&(n.error||n.log)||function(){})("Error: EnlighterJS resources not loaded yet!")}}(window,console);
</script>
<script type="text/javascript" src="../../../../wp/wp-includes/js/wp-embed.min.js?ver=09e48cfb58fec140b4ee0c6d1d4da1b2" id="wp-embed-js"></script>
<script type="text/javascript">var tcb_post_lists=JSON.parse('[]');</script>
</div>
</body>
</html>