[graylog2] Upgrade 1.1.6 to 1.2 RC broke REST API using TLS?

2015-09-02 Thread Tim Cooper
I've just upgraded my Graylog installation to 1.2 RC and since the upgrade 
my graylog-web node can no longer connect to the REST API of either of my 
graylog-server nodes using TLS and I have had to revert back to HTTP.

I get these application logs (real domain removed) on the graylog-web node, 
any idea how I can further troubleshoot this? None of my configurations 
were changed or updated during the upgrade (which used the Ubuntu 14.04 
repository to do the upgrade) and it was working fine previously using TLS?

2015-09-02T09:12:05.913+01:00 - [ERROR] - from org.graylog2.restclient.lib.ApiClient in pool-8-thread-1
https://server.example.com:12900

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/cacc7402-3177-4e7d-a1c1-cc2e40b4f95f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Average and max value for a numeric field

2015-09-02 Thread Jean-Luc Bassereau
Hello,

In a logfile of an application we use, the last field indicates the elapsed
time of the transaction. Is there a way to create a dashboard with the
average of these values and the max value?
Or maybe should I look into something like writing a Munin plugin for this?


-- 
Regards,
Jean-Luc Bassereau



Re: [graylog2] Average and max value for a numeric field

2015-09-02 Thread Jean-Luc Bassereau
Ahaha, that was too obvious for me to notice it...
Thanks a lot for the tip!

Regards

2015-09-02 9:43 GMT+02:00 Kay Röpke :

> Hi!
>
> If you extract that field (and make sure to use a numeric converter), you
> can use the statistics button on a search page.
> That will display a table containing the avg and max values across the
> search result.
> You can then add some of the statistics to a dashboard via the “add to
> dashboard” button. It allows you to select various statistical functions.
> Give them nice names and you should be all set.
>
> cheers,
> -k
>
> On 02 Sep 2015, at 09:40, Jean-Luc Bassereau 
> wrote:
>
> Hello,
>
> In a logfile of an application we use, the last field indicates the elapsed
> time of the transaction. Is there a way to create a dashboard with the
> average of these values and the max value?
> Or maybe should I look into something like writing a Munin plugin for
> this?
>
>
> --
> Regards,
> Jean-Luc Bassereau
>



-- 
Cordialement,
Jean-Luc Bassereau



[graylog2] Re: can't enable journal

2015-09-02 Thread Ed Totman
For anyone else who has this problem in the future, the solution was to 
shut down graylog, delete /var/opt/graylog/data/journal/.kafka_cleanshutdown, 
and restart.

On Wednesday, September 2, 2015 at 10:17:34 AM UTC-7, Ed Totman wrote:
>
> kafka.common.KafkaException: Failed to acquire lock on file .lock in 
> /var/opt/graylog/data/journal. A Kafka instance in another process or 
> thread is using this directory.
>
> Stopped and restarted graylog-server, rebooted, deleted lock file, nothing 
> works.  Any suggestions?
>



[graylog2] Re: Selecting range via histogram returns zero results (More Timezone woes?)

2015-09-02 Thread Drew Miranda
I've been suffering from this myself. There have been numerous issues 
opened on the issue tracker and they have addressed this in the 1.2 release (I 
still haven't tested it yet).

On Tuesday, September 1, 2015 at 9:01:57 PM UTC-5, Werner van der Merwe 
wrote:
>
> It did indeed!
> Thanks very much
>
> On Wednesday, September 2, 2015 at 1:31:19 PM UTC+12, Drew Miranda wrote:
>>
>> Does running "Recalculate Index Ranges" (System -> Indices -> 
>> Maintenance) help?
>>
>> On Sunday, August 30, 2015 at 6:43:00 PM UTC-5, Werner van der Merwe 
>> wrote:
>>>
>>> Further Updates:
>>> A relative search works 100%
>>> Doing the same absolute search via Kibana, 2015-08-31 00:00:00 to 
>>> 2015-08-31 10:00:00, gets 2.4M hits
>>>
>>> Doing an absolute search from 2015-08-29 21:05:54.000 +12:00 to 
>>> 2015-08-31 11:07:00.000 +12:00 returns values with timestamps between 
>>> 2015-08-29 21:05:57.000 and 2015-08-31 11:07:00.000, as expected.
>>> Changing that down to 2015-08-30 21:05:54.000 +12:00 to 2015-08-31 
>>> 11:07:00.000 +12:00 returns zero values.  (?!?!?)
>>>
>>>




[graylog2] Re: Graylog dashboard showing no messages for last 5 mins

2015-09-02 Thread Drew Miranda
Can you elaborate on your configuration?


   1. Is the dashboard using a query from a stream or global search?
   2. If you use the "play" button icon to replace the search are any 
   results present?
   3. When you do use the search and if the relative time frame is empty, 
   does an absolute search for the same range show any results?


On Wednesday, September 2, 2015 at 5:59:59 AM UTC-5, Sriranga Kulkarni 
wrote:
>
> I tried Recalculate index but still the same.
>
> I had a disk space issue so stopped the graylog and increased my disk and 
> restarted the graylog. This was the only issue I faced. Moreover I have 
> time based retention of indices
>
>
>
> On Wednesday, September 2, 2015 at 6:58:14 AM UTC+5:30, Drew Miranda wrote:
>>
>> Do you have your indices rollover due to retention policies where older 
>> indices are deleted? Also does running "Recalculate Index Ranges" (System 
>> -> Indices -> Maintenance) help?
>>
>>
>> On Tuesday, September 1, 2015 at 8:32:43 AM UTC-5, Sriranga Kulkarni 
>> wrote:
>>>
>>> Need help graylog dashboard not showing any messages for last 5 mins 
>>> whereas I am able to see messages for last 15 mins. I used to get messages 
>>> for 5 mins before but don't know what happened. 
>>>
>>



Re: [graylog2] Grok apache filter not working ?!

2015-09-02 Thread Jochen Schalanda
Hi Vlad,

please make sure that all required Grok patterns, which COMBINEDAPACHELOG 
is using, have been correctly imported into your Graylog instance (System 
-> Grok Patterns). You can import existing patterns from 
https://github.com/logstash-plugins/logstash-patterns-core/tree/master/patterns 
for example.


Cheers,
Jochen

On Wednesday, 2 September 2015 12:41:54 UTC+2, Vlaad P wrote:
>
> Hi Edmundo,
>
> I don't have a special pattern. Just %{COMBINEDAPACHELOG}.
> I'm not sure if that is enough or not.
>
> Regards,
> VP.
>
>
> On Wednesday, 2 September 2015 13:04:36 UTC+3, Edmundo Alvarez wrote:
>>
>> Hi, 
>>
>> most likely the log message is not matching the pattern you try to use. 
>> We can't help you much more if you don't share the Grok pattern you are 
>> using, please share the contents of the "COMBINEDAPACHELOG" pattern as you 
>> see in the System -> Grok patterns page. Please also be aware that the 
>> message preview in the extractors page is collapsing duplicated white 
>> spaces, so that may also be a cause of problems. 
>>
>> Regards, 
>> Edmundo 
>>
>> > On 02 Sep 2015, at 11:22, Vlaad P  wrote: 
>> > 
>> > Hi, 
>> > 
>> > Yes. And the same result. I have no errors on nodes. 
>> > P.S. Logs are shipped with rsyslog. Am I missing something? 
>> > 
>> > Thanks, 
>> > VP. 
>> > 
>> > On Tuesday, 1 September 2015 11:37:07 UTC+3, Jochen Schalanda wrote: 
>> > Hi, 
>> > 
>> > did you add the respective Grok patterns to your Graylog installation 
>> (System -> Grok Patterns)? Are there any error messages in the Graylog 
>> server node logs? 
>> > 
>> > 
>> > Cheers, 
>> > Jochen 
>> > 
>> > On Tuesday, 1 September 2015 10:34:55 UTC+2, VP wrote: 
>> > Hello, 
>> > 
>> > I have the following situation: 
>> > 
>> > Apache access log which is basically a %{COMBINEDAPACHELOG} 
>> > 
>> > 192.168.0.0 - - [31/Aug/2015:17:19:25 +0200] "POST 
>> /application/path/get-updates-for-period HTTP/1.1" 200 1141 "
>> https://some.site.com/index.php; "Mozilla/5.0 (Windows NT 6.1; WOW64; 
>> Trident/7.0; rv:11.0) like Gecko" 
>> > 
>> > I'm trying to create an extractor using that message and the grok 
>> pattern, but is not working. The error message is: 
>> > Attention 
>> > We were not able to run the grok extraction. Please check your 
>> parameters.e we 
>> > 
>> > Could someone help me? 
>> > 
>> > Many thanks! 
>> > 
>> > Regards, 
>> > VP. 
>> > 



[graylog2] Re: Upgrade 1.1.6 to 1.2 RC broke REST API using TLS?

2015-09-02 Thread Tim Cooper
Nothing else of note in either /var/log/graylog-server/server.log 
or /var/log/graylog-web/application.log. 

Server end doesn't seem to report any errors at all, last lines are that 
the inputs are running and everything looks well? Is there somewhere else I 
should be looking?



[graylog2] Re: Graylog dashboard showing no messages for last 5 mins

2015-09-02 Thread Sriranga Kulkarni
I tried Recalculate index but still the same.

I had a disk space issue so stopped the graylog and increased my disk and 
restarted the graylog. This was the only issue I faced. Moreover I have 
time based retention of indices



On Wednesday, September 2, 2015 at 6:58:14 AM UTC+5:30, Drew Miranda wrote:
>
> Do you have your indices rollover due to retention policies where older 
> indices are deleted? Also does running "Recalculate Index Ranges" (System 
> -> Indices -> Maintenance) help?
>
>
> On Tuesday, September 1, 2015 at 8:32:43 AM UTC-5, Sriranga Kulkarni wrote:
>>
>> Need help graylog dashboard not showing any messages for last 5 mins 
>> whereas I am able to see messages for last 15 mins. I used to get messages 
>> for 5 mins before but don't know what happened. 
>>
>



[graylog2] Re: Grok apache filter not working ?!

2015-09-02 Thread Vlaad P
Hi,

Yes. And the same result. I have no errors on nodes. 
P.S. Logs are shipped with rsyslog. Am I missing something?

Thanks,
VP.

On Tuesday, 1 September 2015 11:37:07 UTC+3, Jochen Schalanda wrote:
>
> Hi,
>
> did you add the respective Grok patterns to your Graylog installation 
> (System -> Grok Patterns)? Are there any error messages in the Graylog 
> server node logs?
>
>
> Cheers,
> Jochen
>
> On Tuesday, 1 September 2015 10:34:55 UTC+2, VP wrote:
>>
>> Hello,
>>
>> I have the following situation:
>>
>> Apache access log which is basically a %{COMBINEDAPACHELOG}
>>
>> 192.168.0.0 - - [31/Aug/2015:17:19:25 +0200] "POST 
>> /application/path/get-updates-for-period HTTP/1.1" 200 1141 "
>> https://some.site.com/index.php; "Mozilla/5.0 (Windows NT 6.1; WOW64; 
>> Trident/7.0; rv:11.0) like Gecko"
>>
>> I'm trying to create an extractor using that message and the grok 
>> pattern, but is not working. The error message is:
>> Attention
>> We were not able to run the grok extraction. Please check your parameters.e 
>> we
>>
>> Could someone help me?
>>
>> Many thanks!
>>
>> Regards,
>> VP.
>>
>



Re: [graylog2] Grok apache filter not working ?!

2015-09-02 Thread Edmundo Alvarez
Hi,

most likely the log message is not matching the pattern you try to use. We 
can't help you much more if you don't share the Grok pattern you are using, 
please share the contents of the "COMBINEDAPACHELOG" pattern as you see in the 
System -> Grok patterns page. Please also be aware that the message preview in 
the extractors page is collapsing duplicated white spaces, so that may also be 
a cause of problems.

Regards,
Edmundo

> On 02 Sep 2015, at 11:22, Vlaad P  wrote:
> 
> Hi,
> 
> Yes. And the same result. I have no errors on nodes. 
> P.S. Logs are shipped with rsyslog. Am I missing something?
> 
> Thanks,
> VP.
> 
> On Tuesday, 1 September 2015 11:37:07 UTC+3, Jochen Schalanda wrote:
> Hi,
> 
> did you add the respective Grok patterns to your Graylog installation (System 
> -> Grok Patterns)? Are there any error messages in the Graylog server node 
> logs?
> 
> 
> Cheers,
> Jochen
> 
> On Tuesday, 1 September 2015 10:34:55 UTC+2, VP wrote:
> Hello,
> 
> I have the following situation:
> 
> Apache access log which is basically a %{COMBINEDAPACHELOG}
> 
> 192.168.0.0 - - [31/Aug/2015:17:19:25 +0200] "POST 
> /application/path/get-updates-for-period HTTP/1.1" 200 1141 
> "https://some.site.com/index.php; "Mozilla/5.0 (Windows NT 6.1; WOW64; 
> Trident/7.0; rv:11.0) like Gecko"
> 
> I'm trying to create an extractor using that message and the grok pattern, 
> but is not working. The error message is:
> Attention
> We were not able to run the grok extraction. Please check your parameters.e we
> 
> Could someone help me?
> 
> Many thanks!
> 
> Regards,
> VP.
> 

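The two checks raised in this thread (whether every pattern that COMBINEDAPACHELOG references is defined, and whether the stored message contains whitespace that the preview collapsed) can be reproduced offline. This is an added example, not part of the original messages and not Graylog's code: `PATTERNS` is a simplified subset of the logstash-patterns-core definitions, the function names are hypothetical, and the sample line is the one from the thread with the referrer quote closed.

```python
import re

# Simplified, constructed subset of the logstash-patterns-core definitions;
# the upstream patterns are stricter. Names follow the upstream file.
PATTERNS = {
    "COMBINEDAPACHELOG": r"%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}",
    "COMMONAPACHELOG": (
        r"%{IPORHOST:clientip} %{USER:ident} %{USER:auth} "
        r"\[%{HTTPDATE:timestamp}\] "
        r'"%{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion}" '
        r"%{NUMBER:response} (?:%{NUMBER:bytes}|-)"
    ),
    "IPORHOST": r"[\w.:-]+",
    "USER": r"[\w.@-]+",
    "HTTPDATE": r"\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "WORD": r"\w+",
    "NOTSPACE": r"\S+",
    "NUMBER": r"\d+(?:\.\d+)?",
    "QS": r'"(?:[^"\\]|\\.)*"',
}
REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")  # %{NAME} or %{NAME:field}

def missing_refs(name, library, seen=None):
    """Pattern names reachable from `name` that the library does not define."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    if name not in library:
        return {name}
    missing = set()
    for ref, _field in REF.findall(library[name]):
        missing |= missing_refs(ref, library, seen)
    return missing

def expand(pattern, library, depth=0):
    """Recursively replace grok references with regex from the library."""
    if depth > 20:
        raise ValueError("pattern nesting too deep")
    def sub(m):
        name, field = m.group(1), m.group(2)
        if name not in library:
            raise KeyError(f"Grok pattern {name} is not defined")
        body = expand(library[name], library, depth + 1)
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return REF.sub(sub, pattern)

def extract(line, library=PATTERNS):
    """Return the extracted fields, or None when the line does not match."""
    m = re.search(expand("%{COMBINEDAPACHELOG}", library), line)
    return m.groupdict() if m else None

def collapse_ws(line):
    """Assumed preview behaviour: runs of spaces shown as a single space."""
    return re.sub(r" {2,}", " ", line)

# Constructed sample based on the log line quoted in the thread.
SAMPLE = (
    '192.168.0.0 - - [31/Aug/2015:17:19:25 +0200] '
    '"POST /application/path/get-updates-for-period HTTP/1.1" 200 1141 '
    '"https://some.site.com/index.php" '
    '"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"'
)
# Same line as it might be stored, with one doubled space (constructed).
STORED = SAMPLE.replace('" 200', '"  200')

if __name__ == "__main__":
    print("preview matches:", extract(collapse_ws(STORED)) is not None)
    print("stored matches: ", extract(STORED) is not None)
    partial = {k: v for k, v in PATTERNS.items() if k != "QS"}
    print("still to import:", missing_refs("COMBINEDAPACHELOG", partial))
```

A pattern that matches the collapsed preview but not the stored line points at whitespace; a non-empty `missing_refs` result points at patterns that still need importing.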


[graylog2] nginx logs not rotated

2015-09-02 Thread Joan Picanyol i Puig
Hi there,

We're using the 1.1.6 OVAs, and found out that nginx's logs are not
being rotated:

ubuntu@EXPGRAYLOG1:~$ sudo sh -c 'du -sh /var/log/graylog/nginx/*'
15G     /var/log/graylog/nginx/access.log
4.0K    /var/log/graylog/nginx/config
0       /var/log/graylog/nginx/current
244K    /var/log/graylog/nginx/error.log
0       /var/log/graylog/nginx/lock

I'm unsure what the build process for the images is, but

https://github.com/Graylog2/omnibus-graylog2/blob/1.2/config/software/nginx.rb

tells me that this will likely still be a problem in 1.2.

I'd suggest just sending them to /dev/stdout and let runsv handle them.

keep up the good work
-- 
pica



Re: [graylog2] Grok apache filter not working ?!

2015-09-02 Thread Vlaad P
Hi Edmundo,

I don't have a special pattern. Just %{COMBINEDAPACHELOG}.
I'm not sure if that is enough or not.

Regards,
VP.


On Wednesday, 2 September 2015 13:04:36 UTC+3, Edmundo Alvarez wrote:
>
> Hi, 
>
> most likely the log message is not matching the pattern you try to use. We 
> can't help you much more if you don't share the Grok pattern you are using, 
> please share the contents of the "COMBINEDAPACHELOG" pattern as you see in 
> the System -> Grok patterns page. Please also be aware that the message 
> preview in the extractors page is collapsing duplicated white spaces, so 
> that may also be a cause of problems. 
>
> Regards, 
> Edmundo 
>
> > On 02 Sep 2015, at 11:22, Vlaad P  
> wrote: 
> > 
> > Hi, 
> > 
> > Yes. And the same result. I have no errors on nodes. 
> > P.S. Logs are shipped with rsyslog. Am I missing something? 
> > 
> > Thanks, 
> > VP. 
> > 
> > On Tuesday, 1 September 2015 11:37:07 UTC+3, Jochen Schalanda wrote: 
> > Hi, 
> > 
> > did you add the respective Grok patterns to your Graylog installation 
> (System -> Grok Patterns)? Are there any error messages in the Graylog 
> server node logs? 
> > 
> > 
> > Cheers, 
> > Jochen 
> > 
> > On Tuesday, 1 September 2015 10:34:55 UTC+2, VP wrote: 
> > Hello, 
> > 
> > I have the following situation: 
> > 
> > Apache access log which is basically a %{COMBINEDAPACHELOG} 
> > 
> > 192.168.0.0 - - [31/Aug/2015:17:19:25 +0200] "POST 
> /application/path/get-updates-for-period HTTP/1.1" 200 1141 "
> https://some.site.com/index.php; "Mozilla/5.0 (Windows NT 6.1; WOW64; 
> Trident/7.0; rv:11.0) like Gecko" 
> > 
> > I'm trying to create an extractor using that message and the grok 
> pattern, but is not working. The error message is: 
> > Attention 
> > We were not able to run the grok extraction. Please check your 
> parameters.e we 
> > 
> > Could someone help me? 
> > 
> > Many thanks! 
> > 
> > Regards, 
> > VP. 
> > 
