Hi Alberto, the indexed message format used by Graylog is different from the format used by logstash. Additionally, Graylog only uses indices which start with the configured index prefix (https://github.com/Graylog2/graylog2-server/blob/1.0.2/misc/graylog2.conf#L138-139). In other words, you cannot use indices created and filled by logstash with Graylog.
Cheers, Jochen On Monday, 18 May 2015 12:30:57 UTC+2, Alberto Frosi wrote: > > Hi all, > > I have a problem to display in my graylog data from elasticearch. > In ES seems all fine: > > curl -XGET http://localhost:9200/_cat/shards > graylog2_897 0 p STARTED 507724 98.6mb 127.0.1.1 Wilbur Day > graylog2_897 3 p STARTED 501912 97.4mb 127.0.1.1 Wilbur Day > graylog2_897 1 p STARTED 501830 97.5mb 127.0.1.1 Wilbur Day > graylog2_897 2 p STARTED 496470 96.5mb 127.0.1.1 Wilbur Day > logstash-2015.05.18 0 p STARTED 11 26.4kb 127.0.1.1 Wilbur Day > logstash-2015.05.18 3 p STARTED 11 26.9kb 127.0.1.1 Wilbur Day > logstash-2015.05.18 1 p STARTED 16 30.5kb 127.0.1.1 Wilbur Day > logstash-2015.05.18 2 p STARTED 16 27.2kb 127.0.1.1 Wilbur Day > graylog2_898 0 p STARTED 509026 98.5mb 127.0.1.1 Wilbur Day > graylog2_898 3 p STARTED 500805 96.9mb 127.0.1.1 Wilbur Day > > > logstash-2015.05.18 It's the index name from logstash agent. > > In graylog I don't display anything from this index... > > Why? > Thanks a lot in advance > > Alberto > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
