Hello,
Do we need Logstash in service on the Graylog server for receiving the logs
sent by Beats?
The generated configuration shows the details below:

filebeat:
  prospectors:
  - document_type: log
    fields:
      gl2_source_collector: 29a42246-401d-4097-8c52-22fff9b6869c
    ignore_older: 10s
    input_type: log
    paths:
    - /var/log/httpd/scalphanv2.justbuylive.in-access_log
    scan_frequency: 0
    tail_files: false
  - document_type: log
    fields:
      gl2_source_collector: 29a42246-401d-4097-8c52-22fff9b6869c
    ignore_older: 0
    input_type: log
    paths:
    - /var/log/httpd/adminalphanv1.justbuylive.in-access_log
    scan_frequency: 10s
    tail_files: true
output:
  logstash:
    hosts:
    - graylogip:5044

*REGARDS:KUNAL VIKAS PATIL9860265594*

On Thu, Sep 22, 2016 at 6:11 AM, Werner van der Merwe <
[email protected]> wrote:

> Hi Kunal,
>
> Kindly paste your configs, from what I can make out in the screenshot,
> your newline identifier is not set correctly. The %{host} is more than
> likely from incorrectly parsing the logs.
>
> If you're willing to try NXLog, they have snippets for the config in their
> doco:
> https://nxlog.org/documentation/nxlog-community-edition-reference-manual-v20928#processing_parsers_combined_log_format_example
>
> What might help, NXLog (or beats) is the application that ships logs to
> Graylog. Sidecar is an extension of Graylog allowing you to centralise,
> manage and distribute profiles to enable easier collection of logs.
> Thus, if you use sidecar, you don't have to worry about the config of
> NXLog (or beats), as that will be supplied by Sidecar.
>
> Sidecar on the client side, you select snippets as elements in the 'tags'
> array. But adding a tag in that array assumes you've created a
> configuration in Graylog and assigned a tag with similar name to the config
> element.
>
> On your client, you are calling the apache tag, which is correct. Just
> ensure you have a configuration matching that tag.
> In Graylog, browse System -> Collectors, then click the "Manage
> Collectors" button.
> This will present you with your different configurations, ensure one of
> them at least has the apache tag allocated to it.
>
> If it does, you only need to worry about the configuration within that
> entry. From what I see I am expecting the parser is not correctly
> configured.
>
>
> On Thursday, September 22, 2016 at 8:27:34 AM UTC+12, Kunal Patil wrote:
>>
>> Hello
>>
>> I have read the document; the previous issue has been resolved.
>> I am getting data, but some data comes under the %{host} source field.
>> I have configured Apache logs as shown in the documentation.
>>
>> Please refer to the attached screenshot.
>>
>> *REGARDS:KUNAL VIKAS PATIL9860265594*
>>
>> On Thu, Sep 22, 2016 at 1:20 AM, Marius Sturm <[email protected]> wrote:
>>
>>> Kunal,
>>> please read the Sidecar documentation first. You have to create a
>>> configuration in the Graylog web interface and tag it with the same tag
>>> that you started the Sidecar instance with. There is a step-by-step guide,
>>> even with screenshots, here:
>>> http://docs.graylog.org/en/2.1/pages/collector_sidecar.html#step-by-step-guide
>>>
>>> Cheers,
>>> Marius
>>>
>>>
>>> On 21 September 2016 at 20:52, Kunal Patil <[email protected]> wrote:
>>>
>>>> Hello,
>>>> Thanks for the quick reply and solution. As you guys suggested, I am
>>>> trying to implement Filebeat with the help of the documentation, but I am
>>>> getting the error below on the web GUI. Please check and revert.
>>>>
>>>> Sidecar
>>>> Tags: apache
>>>> IP:
>>>> CPU Idle: 99.47%
>>>> Load: 0.06
>>>> Volumes > 75%:
>>>> ------------------------------
>>>>  *Status*: No configuration found for configured tags!
>>>> Backends
>>>>  *Filebeat*: Collector exits immediately, this should not happen!
>>>> Please check your collector configuration!
>>>>
>>>> *REGARDS:KUNAL VIKAS PATIL9860265594*
>>>>
>>>> On Wed, Sep 21, 2016 at 9:22 PM, Jochen Schalanda <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Kunal,
>>>>>
>>>>> nxlog and Filebeat are two different log shippers, each with its own
>>>>> advantages and disadvantages, which are supported by the Graylog Collector
>>>>> Sidecar.
>>>>>
>>>>> Both, nxlog and Filebeat, do support multiline messages:
>>>>>
>>>>>    - https://www.elastic.co/guide/en/beats/filebeat/1.3/multiline-examples.html
>>>>>    - https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#xm_multiline
>>>>>
>>>>> It's up to you which log shipper you want to use in the end and how
>>>>> you configure it.
>>>>>
>>>>> Cheers,
>>>>> Jochen
>>>>>
>>>>> On Wednesday, 21 September 2016 17:43:44 UTC+2, Kunal Patil wrote:
>>>>>>
>>>>>> I am a little confused here after reading the document.
>>>>>> In the document you guys have given steps for Beats and NXLog
>>>>>> configuration.
>>>>>> Can you brief more about that?
>>>>>> My doubt is:
>>>>>> If I have Beats to send data to Graylog, why do I want NXLog?
>>>>>> And if NXLog is required, then what is the role of Beats?
>>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to a topic in the
>>>>> Google Groups "Graylog Users" group.
>>>>> To unsubscribe from this topic, visit
>>>>> https://groups.google.com/d/topic/graylog2/QVxdxyLWmww/unsubscribe.
>>>>> To unsubscribe from this group and all its topics, send an email to
>>>>> [email protected].
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/graylog2/42f77a7e-b46f-4df6-9d2b-3366af1415da%40googlegroups.com.
>>>>>
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Developer
>>>
>>> Tel.: +49 (0)40 609 452 077
>>> Fax.: +49 (0)40 609 452 078
>>>
>>> TORCH GmbH - A Graylog Company
>>> Poolstraße 21
>>> 20335 Hamburg
>>> Germany
>>>
>>> https://www.graylog.com <https://www.torch.sh/>
>>>
>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
>>> Geschäftsführer: Lennart Koopmann (CEO)
>>>
>>
