GELF

GELF, or Graylog Extended Log Format, is a log format designed to enable centralized, structured logging. It is an open format created by Graylog for sending log messages to Graylog servers and other systems that understand GELF. The format is JSON-based and structured to carry both essential metadata and application data in a way that is easy to parse and search.

A GELF message typically includes required fields such as version, host, and short_message. Optional fields include full_message, timestamp, level, and facility. In addition, any number of custom fields may be included, provided they are prefixed with an underscore, for example _user_id or _transaction_id. The timestamp is a UNIX epoch value with fractional seconds allowed, and level follows the syslog severity scale.

GELF messages can be carried over multiple transports, most commonly UDP, TCP, or HTTP. UDP is efficient for high-volume, low-latency scenarios, while TCP and HTTP inputs are preferred when reliability and firewall traversal are priorities. GELF also supports compression and message chunking to accommodate large payloads: messages may be compressed to reduce bandwidth and large messages can be split into chunks and reassembled by the receiver.

Adoption of GELF is widespread in modern logging stacks, particularly where Graylog is used, and it has influenced other log collectors to support structured, JSON-based logging. The format emphasizes machine readability and structured data to facilitate filtering, searching, and visualization in dashboards and analytics tools.
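
A receiver-side check for the field rules and compression support described above, added here as an example; it is not code from the original page or from Graylog. The 1 MiB size cap, the requirement that required fields be non-empty strings, and the names parse_gelf, inflate, MAX_BYTES and SAMPLE are assumptions of this example, which handles a single unchunked message.

```python
import json
import zlib

REQUIRED = ("version", "host", "short_message")
OPTIONAL = ("full_message", "timestamp", "level", "facility")
MAX_BYTES = 1 << 20  # assumed receiver policy: 1 MiB per message after inflation

# Constructed sample message using the fields named above.
SAMPLE = {"version": "1.1", "host": "web01.example.org", "short_message": "login failed",
          "timestamp": 1700000000.25, "level": 4, "_user_id": 42}


def inflate(payload: bytes, limit: int = MAX_BYTES) -> bytes:
    """Inflate gzip or zlib payloads with an output cap; pass other bytes through."""
    if payload[:2] == b"\x1f\x8b":
        wbits = 16 + zlib.MAX_WBITS  # gzip container
    elif payload[:1] == b"\x78":
        wbits = zlib.MAX_WBITS  # zlib container
    else:
        wbits = None  # treated as uncompressed JSON
    out = payload if wbits is None else zlib.decompressobj(wbits).decompress(payload, limit + 1)
    if len(out) > limit:  # stops a small compressed input from expanding without bound
        raise ValueError("message exceeds size limit")
    return out


def parse_gelf(payload: bytes) -> dict:
    """Return the validated GELF message as a dict, or raise ValueError."""
    try:
        msg = json.loads(inflate(payload).decode("utf-8"))
    except (zlib.error, UnicodeDecodeError) as exc:
        raise ValueError(f"undecodable payload: {exc}") from exc
    if not isinstance(msg, dict):
        raise ValueError("GELF message must be a JSON object")
    for name in REQUIRED:
        if not isinstance(msg.get(name), str) or not msg[name]:
            raise ValueError(f"missing or empty required field: {name}")
    for name in msg:  # anything outside the standard set must carry the underscore prefix
        if name not in REQUIRED + OPTIONAL and not name.startswith("_"):
            raise ValueError(f"custom field lacks underscore prefix: {name}")
    ts, level = msg.get("timestamp"), msg.get("level")
    if ts is not None and (isinstance(ts, bool) or not isinstance(ts, (int, float))):
        raise ValueError("timestamp must be a numeric UNIX epoch value")
    if level is not None and (isinstance(level, bool) or level not in range(8)):
        raise ValueError("level must be a syslog severity from 0 to 7")
    return msg


if __name__ == "__main__":
    print(parse_gelf(zlib.compress(json.dumps(SAMPLE).encode())))
```

Capping the inflated size before parsing matters most on UDP inputs, where any host that can reach the port can submit a compressed datagram.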