unable to send messages to graylog server using logstash

Question

I am using logstash to send messages to graylog server. I have been successful in sending messages directly to elasticsearch or stdout or loggly. I have also been successful in sending messages to graylog server using cURL.

curl -XPOST http://graylog.example.org:12202/gelf -p0 -d '{"short_message":"Hello there", "host":"example.org", "facility":"test", "_foo":"bar"}'

Here is the command I am using to send data using logstash to graylog

bin/logstash -e 'input { stdin {} } output { gelf {host => "graylog.example.org" port => 12202 } }' < LOG-10

File LOG-10 has log messages. I have tried port 12201 too. I looked into debug messages from logstash but that was also not useful.

Answer 1

It turns out that logstash gelf.rb is not using TCP, but UDP. https://github.com/Graylog2/gelf-rb/pull/21

I had to add "GELF UDP" as one of the graylog message input (responsible for accepting log messages). This can be accessed from graylog web interface system inputs.