[graylog2] Re: Email notifications using extractors
Documentation is not specifying the way you access specific fields.
Assuming Ip and Command are specific fields you extracted,
Just try:
${foreach backlog message}${message.fields.Ip} ${message.fields.Command} - my
version ${end}
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/12ff-2001-43a9-ad50-027fbd908a18%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[graylog2] Timestamp in graylog
Dear Wonderfull People, We send gelf messages to graylog to record our usage events. I have manipulated the gelf message to have the timestamp we want, but the messages are all showing up in graylog at the moment they were received. (I dump in 100 messages of events that took place over a 2 week period, and they all show up in the graphs at the moment I uploaded them.) I have been banging my head on this, and I bet there is a simple way around it. Any ideas? Thanks, Skip -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/0f677733-078f-4ae1-82d2-423ee7d3b62d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Graylog v1.3.3 Start up FreeBSD
Please!!! Help me! There are startup scripts for FreeBSD? graylog-server, graylog-web... -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/900e2037-c7e6-4843-90f4-3c9f4943d194%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [graylog2] Safe to vmotion graylog servers?
I think I'll just shut them down to be safe. Thanks Jan! On Wednesday, January 27, 2016 at 2:00:03 AM UTC-8, Jan Doberstein wrote: > > Dear Frank, > > i will not use the phrase "it depends" - but if you did not have a high > load this should work without a problem (my personal experience). But if > you have a high load this might lead to hick ups. To be sure you did not > have any problems you should anyway use a Downtime / Maintenance Window for > such a task. > > I know that this might not the answer you like to hear, but without > knowledge about your Hardware, Load and Service Level you need make the > decision on your onw. > > regards > Jan > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/9b13e66c-1078-40aa-b496-0535a1392821%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Gelf TCP - TLS key file or certificate file does not exist - docker image
Hi, When I use the graylog docker image and configuring the GelfTCP with below values. And also entering the certificate path from the UI recv_buffer_size: 1048576 port: 12201 tls_key_file: /opt/graylog/conf/nginx/ca/graylog.key tls_key_password: *** tls_enable: true use_null_delimiter: true tls_client_auth_cert_file: max_message_size: 2097152 tls_client_auth: optional override_source: bind_address: 0.0.0.0 tls_cert_file: /opt/graylog/conf/nginx/ca/graylog.crt Both the cert and key file are exist but it is still creating self signed certificate as below registry_1 | 2016-01-27_21:29:09.31474 WARN [AbstractTcpTransport] TLS key file or certificate file does not exist, creating a self-signed certificate for input [GELF TCP/56a936a5e4b034e265a2f16d]. registry_1 | 2016-01-27_21:29:09.31903 INFO [InputStateListener] Input [GELF TCP/56a936a5e4b034e265a2f16d] is now STARTING registry_1 | 2016-01-27_21:29:09.40140 INFO [AbstractTcpTransport] Enabled TLS for input [GELF TCP/56a936a5e4b034e265a2f16d]. key-file="/tmp/keyutil_0.0.0.0:null_1142539487444557174.key" cert-file="/tmp/keyutil_0.0.0.0:null_5372303287589154166.crt" registry_1 | 2016-01-27_21:29:09.41374 INFO [InputStateListener] Input [GELF TCP/56a936a5e4b034e265a2f16d] is now RUNNING -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/43202b69-9240-41b3-9667-1790a81d456d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Safe to vmotion graylog servers?
I plan on moving my graylog servers to their own LUN and want to know if it's safe to vmotion graylog servers while they are running, or should I shut them down before vmotion? Anybody else have experience with this? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/5a82bd54-54b2-4596-bdb0-d29f667f593e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [graylog2] Safe to vmotion graylog servers?
Dear Frank, i will not use the phrase "it depends" - but if you did not have a high load this should work without a problem (my personal experience). But if you have a high load this might lead to hick ups. To be sure you did not have any problems you should anyway use a Downtime / Maintenance Window for such a task. I know that this might not the answer you like to hear, but without knowledge about your Hardware, Load and Service Level you need make the decision on your onw. regards Jan -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAGm-bLbfM%3D%3Dc1tD%3DSD%3DOb%2BRNeEoWcrxSXa9ea-zpB%3DoENL8czA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: Email notifications using extractors
Hi Stan
This should work:
${foreach backlog message}${message.fields.Ip} ${message.fields.Command} - my
version ${end}
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/d63c29b4-7f19-417f-aeea-69badeb94e64%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: how i can search messages form stream using graylog-server
Just for future reference. to search in specific stream use filter parameter and give value like "*streams:54eef414e4b00317d30f6c2e*". sample get url : search/universal/absolute?query=finished=2016-01-20%2001%3A01%3A01= 2016-01-20%2023%3A01%3A01=10=streams%3A54eef414e4b00317d30f6c2e On Sunday, 1 March 2015 10:54:21 UTC+5:30, Avdhoot Dendge wrote: > > Thanks Jochen > > Ohh thats was tricky/simple. > > On Saturday, February 28, 2015 at 9:53:00 PM UTC+5:30, Jochen Schalanda > wrote: >> >> Hi Avdhoot, >> >> messages are tagged with the streams they've matched at ingestion time, >> so you can simply search for messages of a specific stream by adding the >> stream ID to the query, e. g. if the stream you'd like to search in has the >> ID *548b1c18cafebabedeadbeef*, your query might be as simple as " >> *streams:548b1c18cafebabedeadbeef*". >> >> Cheers, >> Jochen >> >> On Saturday, 28 February 2015 13:22:37 UTC+1, Avdhoot Dendge wrote: >>> >>> Hello >>> i am able search messages using api but i wan to restrict search to >>> specific stream So how i can search messages form stream using >>> graylog-server >>> api?. >>> >>> Thanks for help. >>> >> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/360937d0-a23e-49d5-acf2-dd8c16ad8c31%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: New plugin : Hadoop HDFS output plugin for Graylog
Hi Dennis, you might have more success with filing an issue with the project: https://github.com/sivasamyk/graylog-plugin-output-webhdfs/issues Cheers, Jochen On Wednesday, 27 January 2016 13:54:45 UTC+1, Dennis Muller wrote: > > > > 2016-01-27T06:53:05.616-06:00 WARN [WebHDFSOutput] Exception while > writing to HDFS > java.io.IOException: Server returned HTTP response code: 400 for URL: > http://:50070/webhdfs/v1//syslog/xxxxxx/messages/20160127?op=APPEND=graylog > at sun.reflect.GeneratedConstructorAccessor75.newInstance(Unknown > Source) > at > sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.lang.reflect.Constructor.newInstance(Constructor.java:422) > at > sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1890) > at > sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1885) > at java.security.AccessController.doPrivileged(Native Method) > at > sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1884) > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1457) > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) > at > org.apache.hadoop.fs.http.client.WebHDFSConnection.result(WebHDFSConnection.java:128) > at > org.apache.hadoop.fs.http.client.WebHDFSConnection.append(WebHDFSConnection.java:550) > at > org.graylog.outputs.hdfs.WebHDFSOutput.writeToHdfs(WebHDFSOutput.java:148) > at > org.graylog.outputs.hdfs.WebHDFSOutput.writeToHdfs(WebHDFSOutput.java:139) > at > org.graylog.outputs.hdfs.WebHDFSOutput.access$000(WebHDFSOutput.java:27) > at > org.graylog.outputs.hdfs.WebHDFSOutput$1.run(WebHDFSOutput.java:92) > at java.util.TimerThread.mainLoop(Timer.java:555) > at java.util.TimerThread.run(Timer.java:505) > Caused by: java.io.IOException: Server returned HTTP response code: 400 > for URL: > http://xx:50070/webhdfs/v1//syslog//messages/20160127?op=APPEND=graylog > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1840) > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) > at > sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:2943) > at > org.apache.hadoop.fs.http.client.WebHDFSConnection.append(WebHDFSConnection.java:549) > ... 6 more > > On Thursday, July 30, 2015 at 10:40:15 AM UTC-5, Sivasamy Kaliappan wrote: >> >> All, >> >> I have developed a Hadoop output plugin for graylog to forward the stream >> output to Hadoop HDFS. >> The plugin uses WebHDFS protocol to talk to Hadoop cluster. >> >> It support custom message formats and pseudo authentication. >> >> Give it a try and let me know your comments. >> >> Plugin URL : https://github.com/sivasamyk/graylog-plugin-output-webhdfs >> >> Regards, >> Siva. >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/051d4389-4435-47da-8b18-b0856d66f491%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: New plugin : Hadoop HDFS output plugin for Graylog
2016-01-27T06:53:05.616-06:00 WARN [WebHDFSOutput] Exception while writing to HDFS java.io.IOException: Server returned HTTP response code: 400 for URL: http://:50070/webhdfs/v1//syslog/xx/messages/20160127?op=APPEND=graylog at sun.reflect.GeneratedConstructorAccessor75.newInstance(Unknown Source) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:422) at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1890) at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1885) at java.security.AccessController.doPrivileged(Native Method) at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1884) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1457) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) at org.apache.hadoop.fs.http.client.WebHDFSConnection.result(WebHDFSConnection.java:128) at org.apache.hadoop.fs.http.client.WebHDFSConnection.append(WebHDFSConnection.java:550) at org.graylog.outputs.hdfs.WebHDFSOutput.writeToHdfs(WebHDFSOutput.java:148) at org.graylog.outputs.hdfs.WebHDFSOutput.writeToHdfs(WebHDFSOutput.java:139) at org.graylog.outputs.hdfs.WebHDFSOutput.access$000(WebHDFSOutput.java:27) at org.graylog.outputs.hdfs.WebHDFSOutput$1.run(WebHDFSOutput.java:92) at java.util.TimerThread.mainLoop(Timer.java:555) at java.util.TimerThread.run(Timer.java:505) Caused by: java.io.IOException: Server returned HTTP response code: 400 for URL: http://xx:50070/webhdfs/v1//syslog//messages/20160127?op=APPEND=graylog at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1840) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:2943) at org.apache.hadoop.fs.http.client.WebHDFSConnection.append(WebHDFSConnection.java:549) ... 6 more On Thursday, July 30, 2015 at 10:40:15 AM UTC-5, Sivasamy Kaliappan wrote: > > All, > > I have developed a Hadoop output plugin for graylog to forward the stream > output to Hadoop HDFS. > The plugin uses WebHDFS protocol to talk to Hadoop cluster. > > It support custom message formats and pseudo authentication. > > Give it a try and let me know your comments. > > Plugin URL : https://github.com/sivasamyk/graylog-plugin-output-webhdfs > > Regards, > Siva. > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/c269dea3-bb84-43ec-8a32-4d0b5bd2e625%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: New plugin : Hadoop HDFS output plugin for Graylog
Just curious if you have any feedback. I tried this plugin and it is not working. We are using hadoop 2.7.1 2016-01-27T06:53:05.616-06:00 WARN [WebHDFSOutput] Exception while writing to HDFS java.io.IOException: Server returned HTTP response code: 400 for URL: http://dfwlnpmqm-01:50070/webhdfs/v1//syslog/dfwlnqcpqdb-02.supermedia.com/messages/20160127?op=APPEND=graylog at sun.reflect.GeneratedConstructorAccessor75.newInstance(Unknown Source) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:422) at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1890) at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1885) at java.security.AccessController.doPrivileged(Native Method) at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1884) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1457) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) at org.apache.hadoop.fs.http.client.WebHDFSConnection.result(WebHDFSConnection.java:128) at org.apache.hadoop.fs.http.client.WebHDFSConnection.append(WebHDFSConnection.java:550) at org.graylog.outputs.hdfs.WebHDFSOutput.writeToHdfs(WebHDFSOutput.java:148) at org.graylog.outputs.hdfs.WebHDFSOutput.writeToHdfs(WebHDFSOutput.java:139) at org.graylog.outputs.hdfs.WebHDFSOutput.access$000(WebHDFSOutput.java:27) at org.graylog.outputs.hdfs.WebHDFSOutput$1.run(WebHDFSOutput.java:92) at java.util.TimerThread.mainLoop(Timer.java:555) at java.util.TimerThread.run(Timer.java:505) Caused by: java.io.IOException: Server returned HTTP response code: 400 for URL: http://dfwlnpmqm-01:50070/webhdfs/v1//syslog/dfwlnqcpqdb-02.supermedia.com/messages/20160127?op=APPEND=graylog at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1840) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:2943) at org.apache.hadoop.fs.http.client.WebHDFSConnection.append(WebHDFSConnection.java:549) ... 6 more On Thursday, July 30, 2015 at 10:40:15 AM UTC-5, Sivasamy Kaliappan wrote: > > All, > > I have developed a Hadoop output plugin for graylog to forward the stream > output to Hadoop HDFS. > The plugin uses WebHDFS protocol to talk to Hadoop cluster. > > It support custom message formats and pseudo authentication. > > Give it a try and let me know your comments. > > Plugin URL : https://github.com/sivasamyk/graylog-plugin-output-webhdfs > > Regards, > Siva. > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/b3eb127f-f40f-4dfc-a13f-688f1564f791%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
