[graylog2] Change log retention days

2016-01-13 Thread Matthew Simon 
Hi Guys 

Please could you help me how would i change the log retention days on 
Graylog to 3 months?

Thanks 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/7c3b4798-2765-4d58-9a63-83fbabe21160%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Email Configuration

2016-01-13 Thread Phil Bailey 
Hi All

Was wondering if somebody could help me, im trying to configure the email 
transport settings but when i try to send a test email i get an error statin

Email Transport Configuration is missing or invalid

My graylog server config reads as below

# Email transport
transport_email_enabled = true
transport_email_hostname = exchange.vstrading.co.uk
transport_email_port = 25
transport_email_use_auth = false
transport_email_use_tls = true
transport_email_use_ssl = true
transport_email_auth_username =
transport_email_auth_password =
transport_email_subject_prefix = [graylog2]
transport_email_from_email = grayl...@vstrading.co.uk

Am i missing something?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/b98d5442-dd37-4507-9700-d3192f1058ba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: can't enable journal

2016-01-13 Thread Charles Rice 
This worked for me :+1:

On Wednesday, 2 September 2015 18:23:58 UTC+1, Ed Totman wrote:
>
> For anyone else who has this problem in the future the solution was to 
> shutdown graylog delete /var/opt/graylog/data/journal/.kafka_cleanshutdown 
> and restart
>
> On Wednesday, September 2, 2015 at 10:17:34 AM UTC-7, Ed Totman wrote:
>>
>> kafka.common.KafkaException: Failed to acquire lock on file .lock in 
>> /var/opt/graylog/data/journal. A Kafka instance in another process or 
>> thread is using this directory.
>>
>> Stopped and restarted graylog-server, rebooted, deleted lock file, 
>> nothing works.  Any suggestions?
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/d8ba776a-a2de-47cc-9540-fd2a4501b28d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Journal filling in a short time

2016-01-13 Thread robertocarna36 
Dear, Ia have Graylog 1.2 with just one Elasticsearch node. I receive lots 
of logs from different devices. After a pair of hours, I often notice that 
incoming messages are higher than outgoing messages, and so the journal is 
fullfilled and the message processing mechanism stops, and I have to delete 
messages from journal manually.

This is a sample verbose message from the Nodes of Graylog:

Processing *1,126* incoming and *500* outgoing msg/s. *130,739 unprocessed 
messages* are currently in the journal, in 1 segments. *857 messages* have 
been appended to, and *857 messages* have been read from the journal in the 
last second.

Is there any way to process more messages and have higher outgoing 
messages? Or any other way to avoid the fullfilling of the journal ?

Thanks a lot,

Roberto

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/5626cf24-5d87-43dc-82c1-c13bbac5fb50%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] NXLOG configuration for Computer

2016-01-13 Thread Brendan Lavolée 
Hello, I'm looking for a configuration file of Nxlog for input my logs of 
my computer W7. If you have any configuration file... thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/35956ada-e878-4253-a7af-bcb7f849bdfc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Email Configuration

2016-01-13 Thread Joi Owen 
I connect to exchange, I can look it up for you when I get to the office.
I filed a bug report about an issue with it regarding how the From: is
composed, haven't gotten 'boo' back about it.  Our exchange admin makes
things as difficult as possible for anything on linux to send emails so I
have to jump through yoops.  Are you also the email admin, or do you have
someone else setting connection criteria?



On Wed, Jan 13, 2016 at 5:23 AM, Phil Bailey 
wrote:

> Hi All
>
> Was wondering if somebody could help me, im trying to configure the email
> transport settings but when i try to send a test email i get an error statin
>
> Email Transport Configuration is missing or invalid
>
> My graylog server config reads as below
>
> # Email transport
> transport_email_enabled = true
> transport_email_hostname = exchange.vstrading.co.uk
> transport_email_port = 25
> transport_email_use_auth = false
> transport_email_use_tls = true
> transport_email_use_ssl = true
> transport_email_auth_username =
> transport_email_auth_password =
> transport_email_subject_prefix = [graylog2]
> transport_email_from_email = grayl...@vstrading.co.uk
>
> Am i missing something?
>
> Thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/graylog2/b98d5442-dd37-4507-9700-d3192f1058ba%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 

No matter what we think of Linux versus FreeBSD, etc., the one thing I
really like about Linux is that it has Microsoft worried. Anything
that kicks a monopoly in the pants has got to be good for something.
- Chris Johnson

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAL5rfGWbPPynxiHOUKvfBsBQPq9yMDqEsaTOor3v%3D3eedp8n9w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Email Configuration

2016-01-13 Thread Phil Bailey 
Many Thanks for coming back to me Joi, i have full admin so should be able 
to change any settings if needed, if you could check id really appreciate 
it.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/6c105c8e-11aa-4f2c-bbbe-461671be0cf7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Recovering from corrupt elasticsearch indexes

2016-01-13 Thread Trey Dockendorf 
Our data center recently had a catastrophic power loss.  Once everything 
was back up Graylog refuses to start [1] and the issue seems to be a 
corrupt elasticsearch indexes [2].  I've attempted rerouting the indexes 
but that has not worked.  I fear my only option is to delete the corrupt 
indexes, but I'm unsure what kind of impact that will have on Graylog.

Any advice is greatly appreciated.

Thanks,
- Trey

[1]: 
2016-01-13T12:01:24.886-06:00 WARN  [BlockingBatchedESOutput] Error while 
waiting for healthy Elasticsearch cluster. Not flushing.
java.util.concurrent.TimeoutException: Elasticsearch cluster didn't get 
healthy within timeout
at 
org.graylog2.indexer.cluster.Cluster.waitForConnectedAndHealthy(Cluster.java:174)
at 
org.graylog2.indexer.cluster.Cluster.waitForConnectedAndHealthy(Cluster.java:179)
at 
org.graylog2.outputs.BlockingBatchedESOutput.flush(BlockingBatchedESOutput.java:112)
at 
org.graylog2.outputs.BlockingBatchedESOutput.write(BlockingBatchedESOutput.java:105)
at 
org.graylog2.buffers.processors.OutputBufferProcessor$1.run(OutputBufferProcessor.java:189)
at 
com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
2016-01-13T12:01:51.526-06:00 INFO  [IndexRetentionThread] Elasticsearch 
cluster not available, skipping index retention checks.

[2]:
# curl -XGET http://localhost:9200/_cat/shards
graylog2_6 0 p STARTED2700869 398.6mb 192.168.200.93 gl-es01-esgl2
graylog2_6 3 p STARTED2694087   397mb 192.168.200.93 gl-es01-esgl2
graylog2_6 1 p UNASSIGNED
graylog2_6 2 p UNASSIGNED
graylog2_4 0 p STARTED5040142 796.3mb 192.168.200.93 gl-es01-esgl2
graylog2_4 3 p STARTED5003263 789.1mb 192.168.200.93 gl-es01-esgl2
graylog2_4 1 p STARTED5001091 788.6mb 192.168.200.93 gl-es01-esgl2
graylog2_4 2 p STARTED4958409 783.6mb 192.168.200.93 gl-es01-esgl2
graylog2_5 0 p STARTED5019303 743.4mb 192.168.200.93 gl-es01-esgl2
graylog2_5 3 p STARTED5001404 739.3mb 192.168.200.93 gl-es01-esgl2
graylog2_5 1 p STARTED5000525 739.3mb 192.168.200.93 gl-es01-esgl2
graylog2_5 2 p STARTED4979658 737.7mb 192.168.200.93 gl-es01-esgl2
graylog2_2 0 p STARTED5023249 985.4mb 192.168.200.93 gl-es01-esgl2
graylog2_2 3 p STARTED4999096 979.1mb 192.168.200.93 gl-es01-esgl2
graylog2_2 1 p STARTED5001476 980.1mb 192.168.200.93 gl-es01-esgl2
graylog2_2 2 p STARTED4976833 973.5mb 192.168.200.93 gl-es01-esgl2
graylog2_3 0 p STARTED5000546 1gb 192.168.200.93 gl-es01-esgl2
graylog2_3 3 p STARTED4998766 1gb 192.168.200.93 gl-es01-esgl2
graylog2_3 1 p STARTED4999378 1gb 192.168.200.93 gl-es01-esgl2
graylog2_3 2 p STARTED5001326 1gb 192.168.200.93 gl-es01-esgl2
graylog2_0 0 p STARTED3686796 819.8mb 192.168.200.93 gl-es01-esgl2
graylog2_0 3 p STARTED3655173 812.8mb 192.168.200.93 gl-es01-esgl2
graylog2_0 1 p STARTED3655623   813mb 192.168.200.93 gl-es01-esgl2
graylog2_0 2 p STARTED3625428 805.7mb 192.168.200.93 gl-es01-esgl2
graylog2_1 0 p STARTED5053805 1gb 192.168.200.93 gl-es01-esgl2
graylog2_1 3 p STARTED5000588 1gb 192.168.200.93 gl-es01-esgl2
graylog2_1 1 p STARTED5001749 1gb 192.168.200.93 gl-es01-esgl2
graylog2_1 2 p STARTED4943861 1gb 192.168.200.93 gl-es01-esgl2

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/d72f0c6c-87cc-4edb-a167-2f5115501e0e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] While Starting Elasticsearch-2.1.1! Getting an Error!!

2016-01-13 Thread Shrawan Bhagwat 
Hi All,

i have installed ES-2.1.1 and when i am trying to start it using the 
command:
 bin/elasticsearch 
-Des.path.conf=/smapp/LMS_Updated/ElasticSearch/elasticsearch-2.1.1/config/

it is generating this kind of Log in log file :

Exception in thread "main" java.lang.RuntimeException: don't run 
elasticsearch as root.
at 
org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:93)
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:144)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:285)
at 
org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)

I have tried to use a user other than root user, but still i am unable to 
run it.
Please help! Thanks in advance.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/6ab303d4-20d2-4bb8-af16-d92490f1d91b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] REST API /search/universal/absolute

2016-01-13 Thread packetsmacker 
So I see two/search/universal/absolute methods (sorry I can't see to recall 
the term at the moment) and the only difference I can see is one requires 
fields and returns a csv the other returns json and doesn't require feilds. 
Other then that I cant tell what is different. 


The problem I have is my get used to return json. Now when I run the script 
it looks like it is failing because it is getting back a csv. So when I 
went to look at the documentation I couldn't figure out how graylog would 
know which way I wanted it to return the data. I think it was updated since 
the last time I ran my script but I don't take care of that side of the 
servers. How do I get it to return json? 


-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/355fcf31-2650-466c-bcbe-aae9811ccce9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] None zero exit value 128

2016-01-13 Thread thuongtc90 
Hi,
I have just built graylog web interface 1.3 from this rource graylog2 web 
interface 1.3.2 

when I go to localhost:9000,I got this error.Please give me an advice
[info] play - Listening for HTTP on /0:0:0:0:0:0:0:0:9000

(Server started, use Ctrl+D to stop and go back to the console...)

[info] Compiling 1 Scala source to /home/ubuntu/web-interface/graylog2-web-
interface-1.3/target/scala-2.10/classes...
fatal: Not a git repository (or any of the parent directories): .git
java.lang.RuntimeException: Nonzero exit value: 128
at scala.sys.package$.error(package.scala:27)
at sbt.AbstractProcessBuilder.getString(ProcessImpl.scala:134)
at sbt.AbstractProcessBuilder.$bang$bang(ProcessImpl.scala:136)
at ApplicationBuild$$anonfun$10.apply(Build.scala:54)
at ApplicationBuild$$anonfun$10.apply(Build.scala:52)
at sbt.Scoped$RichInitialize$$anonfun$map$1$$anonfun$apply$3.apply(
Structure.scala:192)
at sbt.std.Transform$$anon$3$$anonfun$apply$2.apply(System.scala:44)
at sbt.std.Transform$$anon$3$$anonfun$apply$2.apply(System.scala:44)
at sbt.std.Transform$$anon$4.work(System.scala:63)
at sbt.Execute$$anonfun$submit$1$$anonfun$apply$1.apply(Execute.scala:
226)
at sbt.Execute$$anonfun$submit$1$$anonfun$apply$1.apply(Execute.scala:
226)
at sbt.ErrorHandling$.wideConvert(ErrorHandling.scala:17)
at sbt.Execute.work(Execute.scala:235)
at sbt.Execute$$anonfun$submit$1.apply(Execute.scala:226)
at sbt.Execute$$anonfun$submit$1.apply(Execute.scala:226)
at sbt.ConcurrentRestrictions$$anon$4$$anonfun$1.apply(
ConcurrentRestrictions.scala:159)
at sbt.CompletionService$$anon$2.call(CompletionService.scala:28)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:
471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
.java:615)
at java.lang.Thread.run(Thread.java:745)
[error] (compile:managedResources) Nonzero exit value: 128
[error] application - 

! @6omi1a71c - Internal server error, for (GET) [/] ->

play.PlayExceptions$UnexpectedException: Unexpected exception[
RuntimeException: Nonzero exit value: 128]
at play.PlayReload$$anonfun$taskFailureHandler$1.apply(PlayReload.scala:
51) ~[na:na]
at play.PlayReload$$anonfun$taskFailureHandler$1.apply(PlayReload.scala:
44) ~[na:na]
at scala.Option.map(Option.scala:145) ~[scala-library.jar:na]
at play.PlayReload$.taskFailureHandler(PlayReload.scala:44) ~[na:na]
at play.PlayReload$.compileFailure(PlayReload.scala:40) ~[na:na]
Caused by: java.lang.RuntimeException: Nonzero exit value: 128
at scala.sys.package$.error(package.scala:27) ~[scala-library.jar:na]
at sbt.AbstractProcessBuilder.getString(ProcessImpl.scala:134) ~[na:na]
at sbt.AbstractProcessBuilder.$bang$bang(ProcessImpl.scala:136) ~[na:na]
at ApplicationBuild$$anonfun$10.apply(Build.scala:54) ~[na:na]
at ApplicationBuild$$anonfun$10.apply(Build.scala:52) ~[na:na]
[warn] play - No application found at invoker init



-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/3a8696cb-e562-4f63-b818-1e00dd026a33%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: slow/soft migration from "minimal setup" to "bigger production setup"

2016-01-13 Thread Denny Gebel 
I'm going to try out this guide 
http://secopsmonkey.com/migrating-graylog2-servers.html

Am Montag, 11. Januar 2016 14:42:59 UTC+1 schrieb Denny Gebel:
>
> Hello all,
>
> currently we're running a very simple setup (es, mongodb, graylog, 
> graylog-web on one system). 
> As more and more systems/devices are sending logs to graylog, free 
> diskspace and overall performance is degrading rapidly.
>
> My goal is to build up a setup as described here: 
> http://docs.graylog.org/en/1.3/pages/architecture.html#bigger-production-setup
>
> Has anyone done this before? Is there any recommend way to do so? And - if 
> course - I'd like not to loose any of the logs which are stored in my 
> current system ;)
>
>
> Thank you for any feedback,
>
> Denny
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/2bfcd0db-5747-45fd-80d5-a86b413c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Problems loading plugins within graylog 1.3.2

2016-01-13 Thread cornelius . rolf 
Hi,

while e.g. the usage- and the beats-plugin are loading without any problem 
in graylog 1.2.1:

2016-01-13 18:33:51,547 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded 
plugins: [Anonymous Usage Statistics 1.1.1 
[org.graylog.plugins.usagestatistics.UsageStatsPlugin], Elastic Beats Input 
1.0.0 [BeatsInputPlugin]]

I can't load any plugins in graylog 1.3.2:

2016-01-12 16:28:12,110 ERROR: org.graylog2.bootstrap.CmdLineTool - Plugin 
"Elastic Beats Input" requires version 1.0.0 - not loading!
2016-01-12 16:28:12,111 ERROR: org.graylog2.bootstrap.CmdLineTool - Plugin 
"Anonymous Usage Statistics" requires version 1.3.0 - not loading!
2016-01-12 16:28:12,111 ERROR: org.graylog2.bootstrap.CmdLineTool - Plugin 
"HttpMonitorInput" requires version 1.2.0 - not loading!
2016-01-12 16:28:12,111 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded 
plugins: []

I think, there is something wrong regarding the control of required 
graylog-version...

Cheers, Cornelius

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/ad643fe6-0843-43c4-a436-69242e6fb35e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Problems loading plugins within graylog 1.3.2

2016-01-13 Thread Jochen Schalanda 
Hi Cornelius,

please post the complete startup log of your Graylog 1.3.2 server node.


Cheers,
Jochen

On Wednesday, 13 January 2016 18:43:15 UTC+1, corneli...@gmail.com wrote:
>
> Hi,
>
> while e.g. the usage- and the beats-plugin are loading without any problem 
> in graylog 1.2.1:
>
> 2016-01-13 18:33:51,547 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded 
> plugins: [Anonymous Usage Statistics 1.1.1 
> [org.graylog.plugins.usagestatistics.UsageStatsPlugin], Elastic Beats Input 
> 1.0.0 [BeatsInputPlugin]]
>
> I can't load any plugins in graylog 1.3.2:
>
> 2016-01-12 16:28:12,110 ERROR: org.graylog2.bootstrap.CmdLineTool - Plugin 
> "Elastic Beats Input" requires version 1.0.0 - not loading!
> 2016-01-12 16:28:12,111 ERROR: org.graylog2.bootstrap.CmdLineTool - Plugin 
> "Anonymous Usage Statistics" requires version 1.3.0 - not loading!
> 2016-01-12 16:28:12,111 ERROR: org.graylog2.bootstrap.CmdLineTool - Plugin 
> "HttpMonitorInput" requires version 1.2.0 - not loading!
> 2016-01-12 16:28:12,111 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded 
> plugins: []
>
> I think, there is something wrong regarding the control of required 
> graylog-version...
>
> Cheers, Cornelius
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/a0b01762-8c87-4165-a890-7aac12b6f316%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Change log retention days

2016-01-13 Thread Jochen Schalanda 
Hi Matthew,

you simply have to set the elasticsearch_max_time_per_index configuration 
setting (see 
https://github.com/Graylog2/graylog2-server/blob/1.3.2/misc/graylog2.conf#L107-L117)
 
to 91 days (I know it's not exactly 3 months, but close enough).


Cheers,
Jochen

On Wednesday, 13 January 2016 09:19:40 UTC+1, Matthew Simon wrote:
>
> Hi Guys 
>
> Please could you help me how would i change the log retention days on 
> Graylog to 3 months?
>
> Thanks 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/4a4abef8-81f9-4842-a358-856fcc6ae7f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: NXLOG configuration for Computer

2016-01-13 Thread Jochen Schalanda 
Hi Brenda,

you can simply use the im_msvistalog input in nxlog, see 
https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#im_msvistalog 
for details.

Cheers,
Jochen

On Wednesday, 13 January 2016 14:22:34 UTC+1, Brendan Lavolée wrote:
>
> Hello, I'm looking for a configuration file of Nxlog for input my logs of 
> my computer W7. If you have any configuration file... thanks
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/54e995b5-d88d-4ca8-ab1b-f4bd1a5963df%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: JSON extractor

2016-01-13 Thread Jochen Schalanda 
Hi Nithiya,

you can use one JSON extractor followed by two "Copy input" extractors for 
this, one for copying each field.


Cheers,
Jochen

On Wednesday, 13 January 2016 13:46:00 UTC+1, Nithiya wrote:
>
> Hi - With JSON format in message, how to extract 2 different types of JOSN 
> field into a singel field.
> i.e Format-1 : {"Type":"Test","Desc":"Description1"}
>
> Format-2: {"Type":"Test","Descripton":"Description2"}
>
>
> I want to extract theses 2 types of msgs and want to put 'Desc' and 
> 'Description' in a new field called 'MyDesc'.
>
> How to achieve this in Gray log extractor with JSON as input.
>
> Thanks in advance.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/ac3d07e9-da99-41bb-9adb-7d9dbddad5bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.