Re: [graylog2] Problem with streeam alerts after updating to graylog1.2
Send it by mail hth,, Arie On Wednesday, September 16, 2015 at 3:15:12 PM UTC+2, Edmundo Alvarez wrote: > > We saw a similar problem with an alert callback that was created in 1.0, > it could be the same problem that you are experiencing. Could you share > with us your "alarmcallbackconfigurations" MongoDB collection in order to > further investigate the issue? Please send it to edm...@graylog.com > if it contains any sensitive information. > > In case you don't know how to get the collection, you can get the MongoDB > collection by executing the following command in a terminal: > mongo :/ <<< > 'db.alarmcallbackconfigurations.find()' > > Please remember to replace , , and > with the actual values for your environment. You > may also need to add a username and password if your setup requires > authentication. > > Edmundo > > > On 16 Sep 2015, at 13:09, Arie> wrote: > > > > That is very well possible, 1.0 or 1.01 but not totally shore of it. > > > > In one of the upgrades I had a problem with some data that was the > result of a Yum update from repository > > where old data was deleted an a wrong/missing node-id file. > > > > We use the contend-pack function for backup of a lot of settings, an > what I see now is that the callback > > function is not present there, and may be missing in my present stream > configs. > > > > Arie > > > > Op woensdag 16 september 2015 11:45:55 UTC+2 schreef Edmundo Alvarez: > > That previous 1.1 version, was it an upgrade from 1.0 by any chance? > > > > Edmundo > > > > > On 16 Sep 2015, at 11:39, Arie wrote: > > > > > > And second: > > > > > > In the alert the "callbacks" part in the GUI keeps "loading" going on > endlesly. > > > I remember editing the calback email condition so we are closer intho > the problem I guess > > > > > > Arie > > > > > > Op woensdag 16 september 2015 11:22:52 UTC+2 schreef Edmundo Alvarez: > > > Hi Arie, > > > > > > From which version did you upgrade to 1.2? It would also be helpful to > know if that was a clean installation or an upgrade from an even earlier > version. > > > > > > Regards, > > > > > > Edmundo > > > > > > > On 16 Sep 2015, at 11:10, Arie wrote: > > > > > > > > I'dd had an error on producing the clone, but it appeard to be > there. After putting the receivers in it, > > > > il looks like it is worrking. So whot is wrong with the original > alerts. ? > > > > > > > > > > > > Op woensdag 16 september 2015 10:55:54 UTC+2 schreef Arie: > > > > Cloning the stream is not possible either > > > > > > > > Op woensdag 16 september 2015 10:53:47 UTC+2 schreef Arie: > > > > Hi, > > > > > > > > we are encountering problems with stream alerts after the update. > > > > When editing/testing the alert condition we get this message in the > GUI. > > > > > > > > Could not retrieve AlarmCallbacks > > > > Fetching AlarmCallbacks failed with status: Internal Server Error > > > > > > > > > > > > server logfile (partial): > > > > > > > > ERROR [AnyExceptionClassMapper] Unhandled exception in REST > resource > > > > com.mongodb.MongoException$Network: Read operation to server > localhost:27017 failed on database graylog2 > > > > at > com.mongodb.DBTCPConnector.innerCall(DBTCPConnector.java:298) > > > > at com.mongodb.DBTCPConnector.call(DBTCPConnector.java:269) > > > > at > com.mongodb.DBCollectionImpl.find(DBCollectionImpl.java:84) > > > > at > com.mongodb.DBCollectionImpl.find(DBCollectionImpl.java:66) > > > > at com.mongodb.DBCursor._check(DBCursor.java:498) > > > > at com.mongodb.DBCursor._hasNext(DBCursor.java:621) > > > > at com.mongodb.DBCursor._fill(DBCursor.java:726) > > > > at com.mongodb.DBCursor.toArray(DBCursor.java:763) > > > > at org.mongojack.DBCursor.toArray(DBCursor.java:426) > > > > at org.mongojack.DBCursor.toArray(DBCursor.java:411) > > > > > > > > > > > > Caused by: com.fasterxml.jackson.databind.JsonMappingException: Can > not construct instance of java.lang.String, problem: Expected an ObjectId > to deserialise to string, but found class java.lang.String > > > > at [Source: > de.undercouch.bson4jackson.io.LittleEndianInputStream@2909ef06; pos: 21] > (through reference chain: > org.graylog2.alarmcallbacks.AlarmCallbackConfigurationAVImpl["id"]) > > > > at > com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:148) > > > > > > at > com.fasterxml.jackson.databind.DeserializationContext.instantiationException(DeserializationContext.java:889) > > > > > > at > org.mongojack.internal.ObjectIdDeserializers$ToStringDeserializer.deserialize(ObjectIdDeserializers.java:55) > > > > > > at > org.mongojack.internal.ObjectIdDeserializers$ToStringDeserializer.deserialize(ObjectIdDeserializers.java:37) > > > > > > at
[graylog2] Re: receiving netflow
Hello Jochen, nice work! Is it planned to support IPFIX/AppFlow in the future? Cheers, Rainer Am Mittwoch, 26. August 2015 10:37:35 UTC+2 schrieb Jochen Schalanda: > > Hi Marsel, > > we will publish a Netflow plugin for Graylog 1.2.0 in the near future. I'm > not aware of any Netflow plugin for Graylog 1.1.x. > > > Cheers, > Jochen > > On Wednesday, 26 August 2015 00:40:38 UTC+2, Marsel Qako wrote: >> >> HI, >> >> I would like to collect netflow from cisco devices into graylog. I >> haven't been able to find any documentation if it is supported. Is this a >> supported feature? >> >> Thank you, >> Marsel >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/4ce591a4-8756-4a46-9cd3-f6c791acbfa2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: Autologin for Graylog Dashboard?
> > >> Hello there, yes is possible to autologin, you can use this html code, I tested and works. But you need to set a timer or something for what you want, certanly that can be done with js. Will be cool to do it with out hardcode the username and password. ** ** *AutoLogin* ** *function loginForm() {* *document.myform.action = "https://graylog/login";* *document.myform.submit();* *}* ** ** ** ** ** ** ** ** ** -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/a2bca7ea-ac6d-4649-aa9f-94afa7dc89f0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: receiving netflow
Hi Rainer, support for AppFlow is currently not planned but feel free to post a feature request at https://github.com/Graylog2/graylog-plugin-netflow/issues . Cheers, Jochen On Thursday, 17 September 2015 10:15:45 UTC+2, RaCo wrote: > > Hello Jochen, > > nice work! Is it planned to support IPFIX/AppFlow in the future? > > Cheers, > Rainer > > Am Mittwoch, 26. August 2015 10:37:35 UTC+2 schrieb Jochen Schalanda: >> >> Hi Marsel, >> >> we will publish a Netflow plugin for Graylog 1.2.0 in the near future. >> I'm not aware of any Netflow plugin for Graylog 1.1.x. >> >> >> Cheers, >> Jochen >> >> On Wednesday, 26 August 2015 00:40:38 UTC+2, Marsel Qako wrote: >>> >>> HI, >>> >>> I would like to collect netflow from cisco devices into graylog. I >>> haven't been able to find any documentation if it is supported. Is this a >>> supported feature? >>> >>> Thank you, >>> Marsel >>> >> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/1dae18ba-08ad-4abf-940f-a8618b1a704a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] drools rules metrics?
Hi, Is there any way I can extract info about how many rules have been affected by my drools rules? some kind of metrics of dropped/changed messages depending on rule. I know I can use log but it's too verbose, all i need is numbers. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/2d8e8efc-0b2d-4e94-baa9-09fe463df8ee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [graylog2] Problem with streeam alerts after updating to graylog1.2
HI, My workaround is to clone it, and create the callback again if needed. Arie. On Thursday, September 17, 2015 at 1:09:38 PM UTC+2, Ubay wrote: > > Hello, > > We have the same problem after upgrading to 1.2.0. The callbacks created > before version 1.1.6 are not displayed. We also get the error message log: > ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource > com.mongodb.MongoException$Network: Read operation to server > localhost:27017 failed on database graylog2 > > Regards. > > El jueves, 17 de septiembre de 2015, 7:55:27 (UTC+1), Arie escribió: >> >> Send it by mail >> >> hth,, >> >> Arie >> >> On Wednesday, September 16, 2015 at 3:15:12 PM UTC+2, Edmundo Alvarez >> wrote: >>> >>> We saw a similar problem with an alert callback that was created in 1.0, >>> it could be the same problem that you are experiencing. Could you share >>> with us your "alarmcallbackconfigurations" MongoDB collection in order to >>> further investigate the issue? Please send it to edm...@graylog.com if >>> it contains any sensitive information. >>> >>> In case you don't know how to get the collection, you can get the >>> MongoDB collection by executing the following command in a terminal: >>> mongo :/ <<< >>> 'db.alarmcallbackconfigurations.find()' >>> >>> Please remember to replace , , and >>> with the actual values for your environment. You >>> may also need to add a username and password if your setup requires >>> authentication. >>> >>> Edmundo >>> >>> > On 16 Sep 2015, at 13:09, Ariewrote: >>> > >>> > That is very well possible, 1.0 or 1.01 but not totally shore of it. >>> > >>> > In one of the upgrades I had a problem with some data that was the >>> result of a Yum update from repository >>> > where old data was deleted an a wrong/missing node-id file. >>> > >>> > We use the contend-pack function for backup of a lot of settings, an >>> what I see now is that the callback >>> > function is not present there, and may be missing in my present stream >>> configs. >>> > >>> > Arie >>> > >>> > Op woensdag 16 september 2015 11:45:55 UTC+2 schreef Edmundo Alvarez: >>> > That previous 1.1 version, was it an upgrade from 1.0 by any chance? >>> > >>> > Edmundo >>> > >>> > > On 16 Sep 2015, at 11:39, Arie wrote: >>> > > >>> > > And second: >>> > > >>> > > In the alert the "callbacks" part in the GUI keeps "loading" going >>> on endlesly. >>> > > I remember editing the calback email condition so we are closer >>> intho the problem I guess >>> > > >>> > > Arie >>> > > >>> > > Op woensdag 16 september 2015 11:22:52 UTC+2 schreef Edmundo >>> Alvarez: >>> > > Hi Arie, >>> > > >>> > > From which version did you upgrade to 1.2? It would also be helpful >>> to know if that was a clean installation or an upgrade from an even earlier >>> version. >>> > > >>> > > Regards, >>> > > >>> > > Edmundo >>> > > >>> > > > On 16 Sep 2015, at 11:10, Arie wrote: >>> > > > >>> > > > I'dd had an error on producing the clone, but it appeard to be >>> there. After putting the receivers in it, >>> > > > il looks like it is worrking. So whot is wrong with the original >>> alerts. ? >>> > > > >>> > > > >>> > > > Op woensdag 16 september 2015 10:55:54 UTC+2 schreef Arie: >>> > > > Cloning the stream is not possible either >>> > > > >>> > > > Op woensdag 16 september 2015 10:53:47 UTC+2 schreef Arie: >>> > > > Hi, >>> > > > >>> > > > we are encountering problems with stream alerts after the update. >>> > > > When editing/testing the alert condition we get this message in >>> the GUI. >>> > > > >>> > > > Could not retrieve AlarmCallbacks >>> > > > Fetching AlarmCallbacks failed with status: Internal Server Error >>> > > > >>> > > > >>> > > > server logfile (partial): >>> > > > >>> > > > ERROR [AnyExceptionClassMapper] Unhandled exception in REST >>> resource >>> > > > com.mongodb.MongoException$Network: Read operation to server >>> localhost:27017 failed on database graylog2 >>> > > > at >>> com.mongodb.DBTCPConnector.innerCall(DBTCPConnector.java:298) >>> > > > at >>> com.mongodb.DBTCPConnector.call(DBTCPConnector.java:269) >>> > > > at >>> com.mongodb.DBCollectionImpl.find(DBCollectionImpl.java:84) >>> > > > at >>> com.mongodb.DBCollectionImpl.find(DBCollectionImpl.java:66) >>> > > > at com.mongodb.DBCursor._check(DBCursor.java:498) >>> > > > at com.mongodb.DBCursor._hasNext(DBCursor.java:621) >>> > > > at com.mongodb.DBCursor._fill(DBCursor.java:726) >>> > > > at com.mongodb.DBCursor.toArray(DBCursor.java:763) >>> > > > at org.mongojack.DBCursor.toArray(DBCursor.java:426) >>> > > > at org.mongojack.DBCursor.toArray(DBCursor.java:411) >>> > > > >>> > > > >>> > > > Caused by: com.fasterxml.jackson.databind.JsonMappingException: >>> Can not construct instance of java.lang.String, problem:
Re: [graylog2] Problem with streeam alerts after updating to graylog1.2
Thank you but it didn't work for me. I got the error message: Could not clone Stream Cloning Stream failed with status: Internal Server error. In the server.log file the error "Read operation to server localhost:27017 failed on database graylog2" is present again. Regards. El jueves, 17 de septiembre de 2015, 12:33:54 (UTC+1), Arie escribió: > > HI, > > My workaround is to clone it, and create the callback again if needed. > > Arie. > > On Thursday, September 17, 2015 at 1:09:38 PM UTC+2, Ubay wrote: >> >> Hello, >> >> We have the same problem after upgrading to 1.2.0. The callbacks >> created before version 1.1.6 are not displayed. We also get the error >> message log: ERROR [AnyExceptionClassMapper] Unhandled exception in REST >> resource >> com.mongodb.MongoException$Network: Read operation to server >> localhost:27017 failed on database graylog2 >> >> Regards. >> >> El jueves, 17 de septiembre de 2015, 7:55:27 (UTC+1), Arie escribió: >>> >>> Send it by mail >>> >>> hth,, >>> >>> Arie >>> >>> On Wednesday, September 16, 2015 at 3:15:12 PM UTC+2, Edmundo Alvarez >>> wrote: We saw a similar problem with an alert callback that was created in 1.0, it could be the same problem that you are experiencing. Could you share with us your "alarmcallbackconfigurations" MongoDB collection in order to further investigate the issue? Please send it to edm...@graylog.com if it contains any sensitive information. In case you don't know how to get the collection, you can get the MongoDB collection by executing the following command in a terminal: mongo :/ <<< 'db.alarmcallbackconfigurations.find()' Please remember to replace , , and with the actual values for your environment. You may also need to add a username and password if your setup requires authentication. Edmundo > On 16 Sep 2015, at 13:09, Ariewrote: > > That is very well possible, 1.0 or 1.01 but not totally shore of it. > > In one of the upgrades I had a problem with some data that was the result of a Yum update from repository > where old data was deleted an a wrong/missing node-id file. > > We use the contend-pack function for backup of a lot of settings, an what I see now is that the callback > function is not present there, and may be missing in my present stream configs. > > Arie > > Op woensdag 16 september 2015 11:45:55 UTC+2 schreef Edmundo Alvarez: > That previous 1.1 version, was it an upgrade from 1.0 by any chance? > > Edmundo > > > On 16 Sep 2015, at 11:39, Arie wrote: > > > > And second: > > > > In the alert the "callbacks" part in the GUI keeps "loading" going on endlesly. > > I remember editing the calback email condition so we are closer intho the problem I guess > > > > Arie > > > > Op woensdag 16 september 2015 11:22:52 UTC+2 schreef Edmundo Alvarez: > > Hi Arie, > > > > From which version did you upgrade to 1.2? It would also be helpful to know if that was a clean installation or an upgrade from an even earlier version. > > > > Regards, > > > > Edmundo > > > > > On 16 Sep 2015, at 11:10, Arie wrote: > > > > > > I'dd had an error on producing the clone, but it appeard to be there. After putting the receivers in it, > > > il looks like it is worrking. So whot is wrong with the original alerts. ? > > > > > > > > > Op woensdag 16 september 2015 10:55:54 UTC+2 schreef Arie: > > > Cloning the stream is not possible either > > > > > > Op woensdag 16 september 2015 10:53:47 UTC+2 schreef Arie: > > > Hi, > > > > > > we are encountering problems with stream alerts after the update. > > > When editing/testing the alert condition we get this message in the GUI. > > > > > > Could not retrieve AlarmCallbacks > > > Fetching AlarmCallbacks failed with status: Internal Server Error > > > > > > > > > server logfile (partial): > > > > > > ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource > > > com.mongodb.MongoException$Network: Read operation to server localhost:27017 failed on database graylog2 > > > at com.mongodb.DBTCPConnector.innerCall(DBTCPConnector.java:298) > > > at com.mongodb.DBTCPConnector.call(DBTCPConnector.java:269) > > > at com.mongodb.DBCollectionImpl.find(DBCollectionImpl.java:84) > > > at com.mongodb.DBCollectionImpl.find(DBCollectionImpl.java:66) > > > at com.mongodb.DBCursor._check(DBCursor.java:498) > > >
[graylog2] Re: One more search question ...
Hi Claus, not all message fields are being analyzed during index time, which enables wildcard searches in the first place. By default, only message, full_message, and source are being analyzed. If you want to analyze other message fields as well, you'll need to create an Elasticsearch index template with the appropriate mapping: https://www.elastic.co/guide/en/elasticsearch/reference/1.7/indices-templates.html Cheers, Jochen On Thursday, 17 September 2015 13:44:48 UTC+2, Claus Koell wrote: > > Hi ! > > We have a Input that extract some fields with regular expressions from > messages coming from a apache access-log > One resulting field is called path. > > Some values in that field look like > > /primefaces/5.1.14/primefaces.css > /mahara/view/blocks.json.php > /TestWeb/sample.do > > If i try to search with wildcards it looks like that values with a lower > "beginning" will be found > > Sample search strings with results: > > path:\/primefaces\/5.1.14\/* > path:\/mahara\/view\/* > > If i try this search i get no results > > path:\/TestWeb\/* > > Trying to search for a valid value without wildcard works fine > > path:\/TestWeb\/sample.do > > Thanks for any tip ! > > > > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/ed889e93-c0ad-4ece-885b-32fc1e4a8e65%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Graylog Docker, ES Cluster Status - Red
Hi @all I'm starting my es docker with params as follow: docker run -t -p 9000:9000 -p 12201:12201 -p 514:514/udp -p : -e GRAYLOG_NODE_ID=static-nodename -e GRAYLOG_TIMEZONE=Europe/Berlin -e GRAYLOG_SMTP_SERVER="my-smtp.server --no-tls --no-ssl" -v /graylog/data: /var/opt/graylog/data -v /graylog/logs:/var/log/graylog -v /graylog/plugin: /opt/graylog/plugin graylog2/allinone After restarting the docker container with the same params the cluster of my elasticsearch get status RED. What can i do to avoid this problem? Thanks in advance Ivan -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/c3d859d7-561a-47b4-ba3c-856b27f2c421%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: elasticsearch node with mixed SSD and HDD
This seems to be closely related to your issue: https://www.elastic.co/blog/hot-warm-architecture?blade=tw Am Mittwoch, 16. September 2015 17:12:45 UTC+2 schrieb holgerop...@gmail.com: > > *Is it possible to move older indices from FS x on SSD to FS y on HDD?* > > We want to try this because server with large SSD-arrays are aweful > expensive. We know we have to expect performance implications during > searches in data we moved to HDD. > As far as we know old indices are no longer updated in any way. > > Can we: > >1. close the index in Graylog >2. move the shards-directory of an old index from FS x to FS y. >ES config must include the multiple data locations option. >3. reopen the index in Graylog. > > What do you think? > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/97868377-3aae-43aa-a30b-38f3037a8600%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [graylog2] Problem with streeam alerts after updating to graylog1.2
I have that error to, but the clone appeard. We put "Clone" in front of the name of the clone, you have to do that :-) On Thursday, September 17, 2015 at 2:02:42 PM UTC+2, Ubay wrote: > > Thank you but it didn't work for me. I got the error message: > > Could not clone Stream > Cloning Stream failed with status: Internal Server error. > > > In the server.log file the error "Read operation to server localhost:27017 > failed on database graylog2" is present again. > > Regards. > > El jueves, 17 de septiembre de 2015, 12:33:54 (UTC+1), Arie escribió: >> >> HI, >> >> My workaround is to clone it, and create the callback again if needed. >> >> Arie. >> >> On Thursday, September 17, 2015 at 1:09:38 PM UTC+2, Ubay wrote: >>> >>> Hello, >>> >>> We have the same problem after upgrading to 1.2.0. The callbacks >>> created before version 1.1.6 are not displayed. We also get the error >>> message log: ERROR [AnyExceptionClassMapper] Unhandled exception in REST >>> resource >>> com.mongodb.MongoException$Network: Read operation to server >>> localhost:27017 failed on database graylog2 >>> >>> Regards. >>> >>> El jueves, 17 de septiembre de 2015, 7:55:27 (UTC+1), Arie escribió: Send it by mail hth,, Arie On Wednesday, September 16, 2015 at 3:15:12 PM UTC+2, Edmundo Alvarez wrote: > > We saw a similar problem with an alert callback that was created in > 1.0, it could be the same problem that you are experiencing. Could you > share with us your "alarmcallbackconfigurations" MongoDB collection in > order to further investigate the issue? Please send it to > edm...@graylog.com if it contains any sensitive information. > > In case you don't know how to get the collection, you can get the > MongoDB collection by executing the following command in a terminal: > mongo :/ <<< > 'db.alarmcallbackconfigurations.find()' > > Please remember to replace , , and > with the actual values for your environment. You > may also need to add a username and password if your setup requires > authentication. > > Edmundo > > > On 16 Sep 2015, at 13:09, Ariewrote: > > > > That is very well possible, 1.0 or 1.01 but not totally shore of it. > > > > In one of the upgrades I had a problem with some data that was the > result of a Yum update from repository > > where old data was deleted an a wrong/missing node-id file. > > > > We use the contend-pack function for backup of a lot of settings, an > what I see now is that the callback > > function is not present there, and may be missing in my present > stream configs. > > > > Arie > > > > Op woensdag 16 september 2015 11:45:55 UTC+2 schreef Edmundo > Alvarez: > > That previous 1.1 version, was it an upgrade from 1.0 by any chance? > > > > Edmundo > > > > > On 16 Sep 2015, at 11:39, Arie wrote: > > > > > > And second: > > > > > > In the alert the "callbacks" part in the GUI keeps "loading" going > on endlesly. > > > I remember editing the calback email condition so we are closer > intho the problem I guess > > > > > > Arie > > > > > > Op woensdag 16 september 2015 11:22:52 UTC+2 schreef Edmundo > Alvarez: > > > Hi Arie, > > > > > > From which version did you upgrade to 1.2? It would also be > helpful to know if that was a clean installation or an upgrade from an > even > earlier version. > > > > > > Regards, > > > > > > Edmundo > > > > > > > On 16 Sep 2015, at 11:10, Arie wrote: > > > > > > > > I'dd had an error on producing the clone, but it appeard to be > there. After putting the receivers in it, > > > > il looks like it is worrking. So whot is wrong with the original > alerts. ? > > > > > > > > > > > > Op woensdag 16 september 2015 10:55:54 UTC+2 schreef Arie: > > > > Cloning the stream is not possible either > > > > > > > > Op woensdag 16 september 2015 10:53:47 UTC+2 schreef Arie: > > > > Hi, > > > > > > > > we are encountering problems with stream alerts after the > update. > > > > When editing/testing the alert condition we get this message in > the GUI. > > > > > > > > Could not retrieve AlarmCallbacks > > > > Fetching AlarmCallbacks failed with status: Internal Server > Error > > > > > > > > > > > > server logfile (partial): > > > > > > > > ERROR [AnyExceptionClassMapper] Unhandled exception in REST > resource > > > > com.mongodb.MongoException$Network: Read operation to server > localhost:27017 failed on database graylog2 > > > > at > com.mongodb.DBTCPConnector.innerCall(DBTCPConnector.java:298)
Re: [graylog2] Graylog shows no menu after login
Hi Edmundo, Thanks!! The cause of this issue was the "app.js" file which graylog was no able to load. I fixed it and now the graylog is working fine. Though it is working fine, when I start the Graylog server component I get the following lines on console "Failed to load sigar falling back to jmx implementation". Is this something I should be worried about as with this still everything works fine. Can you please suggest me something on this. As I have no idea about this. Thanks in advance!! Anant :-) On Wednesday, 16 September 2015 23:23:55 UTC+5:30, Edmundo Alvarez wrote: > > Hi Anant, > > By the way you described the problem, there must be some error loading > Javascript. Could you please take a look at the Javascript console in your > browser and share any errors that you might see there? It would also be > helpful knowing the browser and OS you use. Please also ensure that you are > not using any plugin blocking Javascript execution for Graylog. > > Regards, > > Edmundo > > > On 16 Sep 2015, at 18:58, Anant Sawant> wrote: > > > > Hi! > > > > I am running Graylog 1.1.6 server component and Graylog web component > 1.1.6 which I have setup manually. > > I am running this on ubuntu 14.04.1. For this I have installed > Elasticsearch 1.7.2, mongodb version v3.0.6 and Java 1.8.0_60. The Graylog > 1.1.6 server component, Graylog web component 1.1.6, Mongod and > Elasticsearch are on the same machine. For configuration I have referred > http://docs.graylog.org/en/1.2/pages/installation/manual_setup.html#configuring-the-web-interface. > > As per this document Graylog 1.1.6 server component and Graylog web > component 1.1.6 both are running well/as expected as I can see the expected > result on the console, also the logs shows no errors/exception. It also > shows the graylog login screen, but when I login using the credentials I > see no menu's, all I get is a simple page saying "graylog-web-interface > v1.1.6 (2e264c2) (Oracle Corporation 1.8.0_60 / Linux 3.13.0-32-generic) on > ubuntu ". Why are the menus not visible?? > > Is it because as I have not pointed the configured elasticsearch to > syslog or any other log system. Or is the issue with the configuration?? > > I have attached the configuration files. > > > > Please suggest or give me a idea to where to look for this issue. > > > > Thanks in advance > > > > Anant:-) > > > > -- > > You received this message because you are subscribed to the Google > Groups "Graylog Users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to graylog2+u...@googlegroups.com . > > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/6683ee44-dda1-4869-b72e-d43471f8d81e%40googlegroups.com. > > > > For more options, visit https://groups.google.com/d/optout. > > > > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/ae5d6b2f-6a5d-467b-adf8-bba225b17509%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Elasticsearch cluster is red.
Hi, I'm having an issue with elasticsearch. Any help would be really appreciated. The first time i had this issue i did a cleanse which fixed the issue for couple of days, but that deleted all my data. Every couple of days i'm getting the follwoing error *Elasticsearch cluster is red.* Shards: 8 active, 0 initializing, 0 relocating, 16 unassigned. I see messages coming in but not going out " In *47* / Out *0* msg/s" . The log file shows the following 2015-09-17_16:19:03.24771 WARN [BlockingBatchedESOutput] Error while waiting for healthy Elasticsearch cluster. Not flushing. 2015-09-17_16:19:03.24773 java.util.concurrent.TimeoutException: Elasticsearch cluster didn't get healthy within timeout 2015-09-17_16:19:03.24774 at org.graylog2.indexer.cluster.Cluster.waitForConnectedAndHealthy(Cluster.java:174) 2015-09-17_16:19:03.24774 at org.graylog2.indexer.cluster.Cluster.waitForConnectedAndHealthy(Cluster.java:179) 2015-09-17_16:19:03.24774 at org.graylog2.outputs.BlockingBatchedESOutput.flush(BlockingBatchedESOutput.java:112) 2015-09-17_16:19:03.24774 at org.graylog2.outputs.BlockingBatchedESOutput.write(BlockingBatchedESOutput.java:105) 2015-09-17_16:19:03.24774 at org.graylog2.buffers.processors.OutputBufferProcessor$1.run(OutputBufferProcessor.java:189) 2015-09-17_16:19:03.24775 at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176) 2015-09-17_16:19:03.24775 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) 2015-09-17_16:19:03.24775 at java.util.concurrent.FutureTask.run(FutureTask.java:266) 2015-09-17_16:19:03.24775 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 2015-09-17_16:19:03.24775 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 2015-09-17_16:19:03.24776 at java.lang.Thread.run(Thread.java:745) Thank you for all your help -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/fea28c28-7395-461c-9e95-c9ddd5c69abb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [graylog2] Problem with streeam alerts after updating to graylog1.2
The fix works! Thank you El jueves, 17 de septiembre de 2015, 14:06:00 (UTC+1), Edmundo Alvarez escribió: > > After looking at the documents provided by Arie and Ubay, I can confirm > the issue, and we already identified the cause. We are working to provide a > proper solution for this issue, but if you really can't wait, there is a > temporary solution and more information in here: > https://github.com/Graylog2/graylog2-server/issues/1428 > > Thank you for your patience, and sorry for any inconveniences this may > have caused. > > Regards, > > Edmundo > > > On 17 Sep 2015, at 14:55, Arie> wrote: > > > > I have that error to, but the clone appeard. > > We put "Clone" in front of the name of the clone, you have to do that > :-) > > > > > > On Thursday, September 17, 2015 at 2:02:42 PM UTC+2, Ubay wrote: > > Thank you but it didn't work for me. I got the error message: > > > > Could not clone Stream > > Cloning Stream failed with status: Internal Server error. > > > > > > In the server.log file the error "Read operation to server > localhost:27017 failed on database graylog2" is present again. > > > > Regards. > > > > El jueves, 17 de septiembre de 2015, 12:33:54 (UTC+1), Arie escribió: > > HI, > > > > My workaround is to clone it, and create the callback again if needed. > > > > Arie. > > > > On Thursday, September 17, 2015 at 1:09:38 PM UTC+2, Ubay wrote: > > Hello, > > > > We have the same problem after upgrading to 1.2.0. The callbacks > created before version 1.1.6 are not displayed. We also get the error > message log: ERROR [AnyExceptionClassMapper] Unhandled exception in REST > resource > > com.mongodb.MongoException$Network: Read operation to server > localhost:27017 failed on database graylog2 > > > > Regards. > > > > El jueves, 17 de septiembre de 2015, 7:55:27 (UTC+1), Arie escribió: > > Send it by mail > > > > hth,, > > > > Arie > > > > On Wednesday, September 16, 2015 at 3:15:12 PM UTC+2, Edmundo Alvarez > wrote: > > We saw a similar problem with an alert callback that was created in 1.0, > it could be the same problem that you are experiencing. Could you share > with us your "alarmcallbackconfigurations" MongoDB collection in order to > further investigate the issue? Please send it to edm...@graylog.com if it > contains any sensitive information. > > > > In case you don't know how to get the collection, you can get the > MongoDB collection by executing the following command in a terminal: > > mongo :/ <<< > 'db.alarmcallbackconfigurations.find()' > > > > Please remember to replace , , and > with the actual values for your environment. You > may also need to add a username and password if your setup requires > authentication. > > > > Edmundo > > > > > On 16 Sep 2015, at 13:09, Arie wrote: > > > > > > That is very well possible, 1.0 or 1.01 but not totally shore of it. > > > > > > In one of the upgrades I had a problem with some data that was the > result of a Yum update from repository > > > where old data was deleted an a wrong/missing node-id file. > > > > > > We use the contend-pack function for backup of a lot of settings, an > what I see now is that the callback > > > function is not present there, and may be missing in my present stream > configs. > > > > > > Arie > > > > > > Op woensdag 16 september 2015 11:45:55 UTC+2 schreef Edmundo Alvarez: > > > That previous 1.1 version, was it an upgrade from 1.0 by any chance? > > > > > > Edmundo > > > > > > > On 16 Sep 2015, at 11:39, Arie wrote: > > > > > > > > And second: > > > > > > > > In the alert the "callbacks" part in the GUI keeps "loading" going > on endlesly. > > > > I remember editing the calback email condition so we are closer > intho the problem I guess > > > > > > > > Arie > > > > > > > > Op woensdag 16 september 2015 11:22:52 UTC+2 schreef Edmundo > Alvarez: > > > > Hi Arie, > > > > > > > > From which version did you upgrade to 1.2? It would also be helpful > to know if that was a clean installation or an upgrade from an even earlier > version. > > > > > > > > Regards, > > > > > > > > Edmundo > > > > > > > > > On 16 Sep 2015, at 11:10, Arie wrote: > > > > > > > > > > I'dd had an error on producing the clone, but it appeard to be > there. After putting the receivers in it, > > > > > il looks like it is worrking. So whot is wrong with the original > alerts. ? > > > > > > > > > > > > > > > Op woensdag 16 september 2015 10:55:54 UTC+2 schreef Arie: > > > > > Cloning the stream is not possible either > > > > > > > > > > Op woensdag 16 september 2015 10:53:47 UTC+2 schreef Arie: > > > > > Hi, > > > > > > > > > > we are encountering problems with stream alerts after the update. > > > > > When editing/testing the alert condition we get this message in > the GUI. > > > > > > > > > > Could not retrieve
Re: [graylog2] Problem with streeam alerts after updating to graylog1.2
After looking at the documents provided by Arie and Ubay, I can confirm the issue, and we already identified the cause. We are working to provide a proper solution for this issue, but if you really can't wait, there is a temporary solution and more information in here: https://github.com/Graylog2/graylog2-server/issues/1428 Thank you for your patience, and sorry for any inconveniences this may have caused. Regards, Edmundo > On 17 Sep 2015, at 14:55, Ariewrote: > > I have that error to, but the clone appeard. > We put "Clone" in front of the name of the clone, you have to do that :-) > > > On Thursday, September 17, 2015 at 2:02:42 PM UTC+2, Ubay wrote: > Thank you but it didn't work for me. I got the error message: > > Could not clone Stream > Cloning Stream failed with status: Internal Server error. > > > In the server.log file the error "Read operation to server localhost:27017 > failed on database graylog2" is present again. > > Regards. > > El jueves, 17 de septiembre de 2015, 12:33:54 (UTC+1), Arie escribió: > HI, > > My workaround is to clone it, and create the callback again if needed. > > Arie. > > On Thursday, September 17, 2015 at 1:09:38 PM UTC+2, Ubay wrote: > Hello, > > We have the same problem after upgrading to 1.2.0. The callbacks created > before version 1.1.6 are not displayed. We also get the error message log: > ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource > com.mongodb.MongoException$Network: Read operation to server localhost:27017 > failed on database graylog2 > > Regards. > > El jueves, 17 de septiembre de 2015, 7:55:27 (UTC+1), Arie escribió: > Send it by mail > > hth,, > > Arie > > On Wednesday, September 16, 2015 at 3:15:12 PM UTC+2, Edmundo Alvarez wrote: > We saw a similar problem with an alert callback that was created in 1.0, it > could be the same problem that you are experiencing. Could you share with us > your "alarmcallbackconfigurations" MongoDB collection in order to further > investigate the issue? Please send it to edm...@graylog.com if it contains > any sensitive information. > > In case you don't know how to get the collection, you can get the MongoDB > collection by executing the following command in a terminal: > mongo :/ <<< > 'db.alarmcallbackconfigurations.find()' > > Please remember to replace , , and > with the actual values for your environment. You may > also need to add a username and password if your setup requires > authentication. > > Edmundo > > > On 16 Sep 2015, at 13:09, Arie wrote: > > > > That is very well possible, 1.0 or 1.01 but not totally shore of it. > > > > In one of the upgrades I had a problem with some data that was the result > > of a Yum update from repository > > where old data was deleted an a wrong/missing node-id file. > > > > We use the contend-pack function for backup of a lot of settings, an what I > > see now is that the callback > > function is not present there, and may be missing in my present stream > > configs. > > > > Arie > > > > Op woensdag 16 september 2015 11:45:55 UTC+2 schreef Edmundo Alvarez: > > That previous 1.1 version, was it an upgrade from 1.0 by any chance? > > > > Edmundo > > > > > On 16 Sep 2015, at 11:39, Arie wrote: > > > > > > And second: > > > > > > In the alert the "callbacks" part in the GUI keeps "loading" going on > > > endlesly. > > > I remember editing the calback email condition so we are closer intho the > > > problem I guess > > > > > > Arie > > > > > > Op woensdag 16 september 2015 11:22:52 UTC+2 schreef Edmundo Alvarez: > > > Hi Arie, > > > > > > From which version did you upgrade to 1.2? It would also be helpful to > > > know if that was a clean installation or an upgrade from an even earlier > > > version. > > > > > > Regards, > > > > > > Edmundo > > > > > > > On 16 Sep 2015, at 11:10, Arie wrote: > > > > > > > > I'dd had an error on producing the clone, but it appeard to be there. > > > > After putting the receivers in it, > > > > il looks like it is worrking. So whot is wrong with the original > > > > alerts. ? > > > > > > > > > > > > Op woensdag 16 september 2015 10:55:54 UTC+2 schreef Arie: > > > > Cloning the stream is not possible either > > > > > > > > Op woensdag 16 september 2015 10:53:47 UTC+2 schreef Arie: > > > > Hi, > > > > > > > > we are encountering problems with stream alerts after the update. > > > > When editing/testing the alert condition we get this message in the > > > > GUI. > > > > > > > > Could not retrieve AlarmCallbacks > > > > Fetching AlarmCallbacks failed with status: Internal Server Error > > > > > > > > > > > > server logfile (partial): > > > > > > > > ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource > > > > com.mongodb.MongoException$Network: Read operation to server > > > > localhost:27017 failed on database
[graylog2] Chunking format, some examples?
I am just getting started using graylog, and am honing my logging. I have a large dump from an external tool im using in my data pipeline that I want so send as a Debug-level single log item. I'm interfacing with graylog with nc, piping a formatted string, of GELF format, to it (ip address obfuscated below, of course): echo "{\"version\": \"$GRAYLOG_VERSION\",\"host\":\"$APP_HOST\",\"short_message\":\"$SHORT_MESSAGE\",\"full_message\":\"$j\",\"level\":$LOG_LEVEL,\"log_type\":\"$LOG_TYPE\"}" | nc -w 3 -u 00.00.00.00 12201 I see in the docs there is a direction, and further info about a structure to prepend, but I'm not clear WHERE this should go, like directly before the { or what, any separators? An example would be really helpful: You can define chunks of messages by prepending a byte header to a GELF message including a message ID and sequence count/number to reassemble the message later -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/9e6a983b-089b-4e31-abd3-13a77add9d52%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Elasticsearch cluster is red.
Are you able to do a cat on your elastic search via the api? https://www.elastic.co/guide/en/elasticsearch/reference/current/cat.html Do you just have one ES node? Does the logs for elaaticsearch have any errors? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/93fe71a4-879a-4dc8-9816-2458599a9473%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.