In our Symfony2 application we query an external API for a certain service we provide. This API (let's call it Acme API) sometimes throws error messages that we forward to Graylog2 via Monolog and Gelf to keep track of outages. Every error is logged on error level with $logger->err().
The messages are shown in the normal message pool, but the custom stream that collects these API error messages isn't showing any message at all.
So my main question is: Why is Graylog refusing to show messages in the stream and what can we do to change that behaviour?
Configurations
There is a total of 35 streams at the moment (This because we have a bunch of applications on our servers).
Every message that is given to Monolog has the same pattern:
Acme API Error on "{user action}": {error description}. Additional information: "{more information provided from the API}" on server "{web server name}" and domain "{domain}" for user "{session ID}"
The Graylog stream rules are as follows:
Host (regex): ^((?!mycompany-staging).)*$ // Needed to show only logs from the live servers
Facility: app
Full Message (regex): Acme API.*
(We've also tried to set the Full Message regex to .*Acme API.* and Acme API Error.*, but none of these worked)
The monolog configuration is as follows:
// config_prod.yml
// ...
monolog:
handlers:
main:
type: fingers_crossed
action_level: error
handler: nested
level: debug
nested:
type: stream
path: %kernel.logs_dir%/%kernel.environment%.log
level: debug
graylog:
type: gelf
level: warning
publisher:
hostname: mycompany-monitoring.mycompany.ch
// ...
Seemed to be a problem with Graylog2 itself, the stream started working normally after updating Graylog to the newest version and recreating the stream.