[graylog2] Graylog System Sizing Problem?

2016-03-30 Thread Dinh Manh
Hello everyone, I have a problem sizing a Graylog system to deploy. I 
read the Graylog config file and got some information: 

elasticsearch_max_number_of_indices = 20 
and elasticsearch_max_size_per_index = 1GB, which means the maximum data size 
that Graylog can receive is: 20 x 1GB = 20GB.
And processbuffer_processors: 5 + outputbuffer_processors: 3 = 8 CPU 
(following the config file). Should I take it that the standard system should have 
8 CPU for 20GB of data (1 CPU for 2,5GB)? 

I hope some people here who have a lot of experience sizing Graylog 
systems can answer me, many thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/332dd06d-9c0d-4a44-afba-43edd61fa680%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Re: LDAP Error Graylog does not yet support multiple LDAP backend.... This is a bug, ignoring LDAP config.

2016-03-30 Thread tommcf64
Hi Jochen,
   Thank you for your assistance.  I have successfully configured LDAP 
authentication for Graylog2.
Tom



On Tuesday, March 29, 2016 at 6:45:59 AM UTC-4, Jochen Schalanda wrote:
>
> Hi Tom,
>
> that usually shouldn't happen. Please check the ldap_settings collection 
> in your MongoDB database and either remove all documents in that collection 
> or all but the most recent one:
>
> - https://docs.mongodb.org/getting-started/shell/client/
> - https://docs.mongodb.org/manual/tutorial/remove-documents/
>
>
> Cheers,
> Jochen
>
> On Friday, 25 March 2016 14:59:42 UTC+1, tomm...@gmail.com wrote:
>>
>> Hi,
>>   I am attempting to integrate OpenLDAP into Graylog 1.33.  I am new to 
>> LDAP search strings and in my attempt to connect the two I caused an issue. 
>>  I see the following error in my server log:
>>
>> 2016-03-23T17:01:56.141-04:00 ERROR [LdapSettingsServiceImpl] Graylog 
>> does not yet support multiple LDAP backends, but 4 configurations were 
>> found. This is a bug, ignoring LDAP config.
>>
>> Can anyone give me insight on how to resolve this issue?
>>
>> Thank you,
>> Tom
>>
>>
>>



[graylog2] Re: Nodes- Connection to machines

2016-03-30 Thread sikender . mohammad
Hi Jochen, 


Awesome. That works for me. Now I am able to send logs so easily :) 

Seems everything is fine, but when I see the logs of the graylog-web server 
after restart, I see something like: 


2016-03-30T02:14:25.471-04:00 - [INFO] - from play in main
Application started (Prod)

2016-03-30T02:14:25.614-04:00 - [INFO] - from play in main
Listening for HTTP on /0:0:0:0:0:0:0:0:9000

2016-03-30T02:15:55.038-04:00 - [INFO] - from play in New I/O worker #13
Starting application default Akka system.

2016-03-30T17:12:42.253-04:00 - [ERROR] - from 
org.graylog2.restclient.lib.ApiClient in pool-22-thread-1
Connection refused: /127.0.0.1:12900 to 
http://127.0.0.1:12900/system/metrics/multiple

2016-03-30T17:12:46.427-04:00 - [ERROR] - from 
org.graylog2.restclient.lib.ApiClient in servernodes-refresh-0
Connection refused: /127.0.0.1:12900 to 
http://127.0.0.1:12900/system/cluster/node
"application.log" 145L, 7809C


Can you please tell me where exactly it is pointing to? 


Thank you 


On Wednesday, March 30, 2016 at 2:10:03 AM UTC-7, Jochen Schalanda wrote:
>
> Hi Sikender,
>
> you cannot bind two inputs to the same network interface (in this case 
> 0.0.0.0:12201). One of those GELF TCP inputs has to use another port (e. 
> g. 12201 or anything above 1024).
>
> Cheers,
> Jochen
>
> On Wednesday, 30 March 2016 00:22:22 UTC+2, sikender...@acesred.com wrote:
>>
>> Hi Jochen,
>>
>>
>> Sure. Below are the snapshots of GELF-TCP input running and the other one 
>> saying "Address already in use" 
>>
>> Can you please go through it and let me know where I am going wrong? I 
>> have also attached the config files for reference. 
>>
>>
>>
>>
>> Thank you
>>
>



[graylog2] Re: Latest problem: Can't recycle or use indices

2016-03-30 Thread Eric Green
Final resolution: I gave Graylog considerably more resources, including 
both memory and CPU cores. I cycled Elasticsearch and waited until it came 
green (looking at the curl output via the Elasticsearch API). Combined with 
pruning the number of indexes and forcing Graylog to recompute its ranges, 
this appears to have resolved the issue and Graylog has been stable for the 
past three days, with the only outage being caused by PG (Pray Gamble and 
Explode) managing to cut the power to our building for an hour without 
warning.

On Friday, March 25, 2016 at 2:32:08 PM UTC-7, Eric Green wrote:
>
> 2016-03-25T20:47:35.346Z WARN  [IndexHelper] Couldn't find latest 
> deflector target index
> org.graylog2.database.NotFoundException: Index range for index 
>  not found.
>
> I cannot reach the 'indices' page for further information, so I attempted 
> to manually cycle via an API call. At which point I get:
>
> 2016-03-25T20:47:37.985Z ERROR [IndexRotationThread] Couldn't point 
> deflector to a new index
> org.elasticsearch.ElasticsearchTimeoutException: Timeout waiting for task.
>
>



[graylog2] enforcing ssl

2016-03-30 Thread Marsel Qako
Hi,

I installed Graylog v2.0 Beta.1. After enforcing SSL with graylog-ctl 
enforce-ssl and running graylog-ctl reconfigure, I get the following error:

We are experiencing problems connecting to the Graylog server running on 
*http://x.x.x.x:12900/*. Please verify that the server is healthy and 
working correctly.

Error message: Access is denied.

I can't find what else I need to do to force SSL for Graylog. Any help 
would be appreciated.
Thank you, 



Re: [graylog2] Re: User Time Configuration Discrepancy

2016-03-30 Thread Roland Hill
Hi Jochen,

The workaround also doesn't work. I've added a note as such to the bug
report.

Thanks.

--
Regards,

Roland

On Tue, Mar 29, 2016 at 10:18 PM, Jochen Schalanda 
wrote:

> Hi Roland,
>
> thanks for reporting this! It looks like this is a bug in the web
> interface which doesn't allow users to change their time zones.
>
> As a workaround, you should be able to change the user's time zone as
> admin user on the System -> Users page.
>
> I've created a bug report on GitHub to track this issue:
> https://github.com/Graylog2/graylog2-server/issues/1984
>
>
> Cheers,
> Jochen
>
> On Thursday, 24 March 2016 20:19:42 UTC+1, Roland Hill wrote:
>>
>> Hi list,
>>
>> Currently running graylog v2.0 beta.1, although I saw this on alpha.5 too.
>>
>> I'm probably missing a setting so haven't posted this as a bug.
>>
>> When I log into the web interface as admin, my time configuration
>> settings are correct and look like this:
>>
>>
>> 
>>
>> However when I log in as another user, I get this:
>>
>>
>> 
>>
>> The admin user is getting the correct timezone from what I set in the
>> config file (root_timezone = Pacific/Auckland), but the other user is
>> defaulting to UTC. When I change this via the WebUI (system/users), the UI
>> says the change is saved but it then defaults back to UTC.
>>
>> What is the obvious thing I am missing :-)
>>
>> Thanks all.
>>
>> --
>> Roland
>>
>



[graylog2] Building up field statistics and showing them on a public dashboard

2016-03-30 Thread Victor Pavlushkov
Hi,

I am a new user of Graylog and got stuck with a very simple task of 
building and showing the statistics for a certain field. So far, I have 
achieved that the logs are getting streamed to my Graylog instance, getting 
indexed there and then parsed by a few extractors that fetch numeric values 
(floats) mentioned in the performance logs. On the search board of Graylog, 
I can display the field statistics, but I cannot have the same table 
available on the public dashboard. Graylog offers me to copy only a widget 
for a single statistical value. Moreover, I'd need to customize the 
statistical values available in that table by adding a few percentiles. By 
checking the Marketplace, I did not find any plugin/widget that would do 
the job. 

To try an alternative approach, I wanted to fetch the field values (and the 
corresponding timestamps) through an API and then show them on some 
external board, but none of the APIs listed in the api-browser Swagger docs 
seems to be matching what I need. 

I am sure that I am missing something simple but could not figure it out. 
Could somebody point me in the direction of where to look? Thanks a lot!

Victor



[graylog2] Re: syslog output plugin truncates/drops messages

2016-03-30 Thread Jochen Schalanda
Hi Martin,

it looks like the maximum message length is hard-coded in that 
plugin: 
https://github.com/wizecore/graylog2-output-syslog/blob/master/src/main/java/com/wizecore/graylog2/plugin/SyslogOutput.java#L75-L79

You might have success with contacting the authors of this 3rd party plugin 
and discussing your use case with them.


Cheers,
Jochen

On Wednesday, 30 March 2016 17:19:16 UTC+2, grayl...@gmx.de wrote:
>
> Hi Jochen,
>
> the "official (???)" plugin from the graylog marketplace:
>
> https://marketplace.graylog.org/addons/8eb67dc0-b855-455c-a37f-0fa8ae522854
>
> Cheers,
>
> Martin
>
>
> On Wednesday, March 30, 2016 at 5:16:51 PM UTC+2, Jochen Schalanda wrote:
>>
>> Hi,
>>
>> which output plugin are you using? Graylog itself doesn't ship a syslog 
>> output.
>>
>> Cheers,
>> Jochen
>>
>> On Wednesday, 30 March 2016 16:26:28 UTC+2, grayl...@gmx.de wrote:
>>>
>>> Hello,
>>>
>>> the rsyslog output plugin truncates messages bigger than approx. 512 
>>> bytes (it puts a "(...)" at the end to show that the message was truncated). 
>>> Messages bigger than 8092 bytes are dropped.
>>>
>>> We would like to forward messages up to 16 k (= rsyslog standard receive 
>>> buffer) untruncated to rsyslog. Is there a way to configure the plugin to 
>>> change the behaviour of truncating and dropping?
>>>
>>> Thanx in advance!
>>>
>>



[graylog2] Re: syslog output plugin truncates/drops messages

2016-03-30 Thread graylog2me
Hi Jochen,

the "official (???)" plugin from the graylog marketplace:

https://marketplace.graylog.org/addons/8eb67dc0-b855-455c-a37f-0fa8ae522854

Cheers,

Martin


On Wednesday, March 30, 2016 at 5:16:51 PM UTC+2, Jochen Schalanda wrote:
>
> Hi,
>
> which output plugin are you using? Graylog itself doesn't ship a syslog 
> output.
>
> Cheers,
> Jochen
>
> On Wednesday, 30 March 2016 16:26:28 UTC+2, grayl...@gmx.de wrote:
>>
>> Hello,
>>
>> the rsyslog output plugin truncates messages bigger than approx. 512 
>> bytes (it puts a "(...)" at the end to show that the message was truncated). 
>> Messages bigger than 8092 bytes are dropped.
>>
>> We would like to forward messages up to 16 k (= rsyslog standard receive 
>> buffer) untruncated to rsyslog. Is there a way to configure the plugin to 
>> change the behaviour of truncating and dropping?
>>
>> Thanx in advance!
>>
>



[graylog2] Re: Content Pack Query

2016-03-30 Thread Jochen Schalanda
Hi Anant,

if the IP address changed (or an input was bound to a specific IP address 
when exporting the content pack), you need to adjust that setting to the 
new system.

Cheers,
Jochen

On Wednesday, 30 March 2016 16:37:03 UTC+2, Anant Sawant wrote:
>
> Well, I just went through the content pack. What I found intriguing was the 
> following field in the content pack JSON: "bind_address" : "172.16.0.191". 
> Do I need to change the IP address to the IP address of the machine on 
> which I have newly set up Graylog?
>
> On Wednesday, 30 March 2016 17:52:01 UTC+5:30, Anant Sawant wrote:
>>
>> Hi all!!
>>
>>
>> I have installed version 1.1.6 of Graylog and have been using it for 
>> more than six months. For some reasons I have installed the same version on 
>> another machine (new setup), but I want to create the same streams and 
>> dashboards. So I created the content pack from the old setup and imported 
>> it to the new one, but I am not getting the dashboards and streams in the 
>> new one. The new one is completely blank as I have not created any inputs 
>> on it. What do I need to do to get the content packs working?
>>
>>
>> Thanks In Advance!!
>> Anant.
>>
>



[graylog2] Re: syslog output plugin truncates/drops messages

2016-03-30 Thread Jochen Schalanda
Hi,

which output plugin are you using? Graylog itself doesn't ship a syslog 
output.

Cheers,
Jochen

On Wednesday, 30 March 2016 16:26:28 UTC+2, grayl...@gmx.de wrote:
>
> Hello,
>
> the rsyslog output plugin truncates messages bigger than approx. 512 bytes 
> (it puts a "(...)" at the end to show that the message was truncated). 
> Messages bigger than 8092 bytes are dropped.
>
> We would like to forward messages up to 16 k (= rsyslog standard receive 
> buffer) untruncated to rsyslog. Is there a way to configure the plugin to 
> change the behaviour of truncating and dropping?
>
> Thanx in advance!
>



[graylog2] Re: Content Pack Query

2016-03-30 Thread Anant Sawant
Well, I just went through the content pack. What I found intriguing was the 
following field in the content pack JSON: "bind_address" : "172.16.0.191". 
Do I need to change the IP address to the IP address of the machine on 
which I have newly set up Graylog?

On Wednesday, 30 March 2016 17:52:01 UTC+5:30, Anant Sawant wrote:
>
> Hi all!!
>
>
> I have installed version 1.1.6 of Graylog and have been using it for 
> more than six months. For some reasons I have installed the same version on 
> another machine (new setup), but I want to create the same streams and 
> dashboards. So I created the content pack from the old setup and imported 
> it to the new one, but I am not getting the dashboards and streams in the 
> new one. The new one is completely blank as I have not created any inputs 
> on it. What do I need to do to get the content packs working?
>
>
> Thanks In Advance!!
> Anant.
>



[graylog2] syslog output plugin truncates/drops messages

2016-03-30 Thread graylog2me
Hello,

the rsyslog output plugin truncates messages bigger than approx. 512 bytes 
(it puts a "(...)" at the end to show that the message was truncated). 
Messages bigger than 8092 bytes are dropped.

We would like to forward messages up to 16 k (= rsyslog standard receive 
buffer) untruncated to rsyslog. Is there a way to configure the plugin to 
change the behaviour of truncating and dropping?

Thanx in advance!



[graylog2] Re: How to use the Auto content pack loader

2016-03-30 Thread graylog2me
Hello Jochen,

thanx for help. 

It does exactly what it should. Very important feature for automation!

Greetings,

Martin


On Wednesday, March 30, 2016 at 3:02:28 PM UTC+2, Jochen Schalanda wrote:
>
> Hi,
>
> that feature is a bit overhyped.
>
> You simply download content packs (e. g. from the Graylog Marketplace) 
> and put the downloaded JSON files into content_packs_dir 
> (https://github.com/Graylog2/graylog2-server/blob/1.3.4/misc/graylog2.conf#L414-L415), 
> from which they're automatically *imported* on startup.
>
> If you list one or more of those files in content_packs_auto_load 
> (https://github.com/Graylog2/graylog2-server/blob/1.3.4/misc/graylog2.conf#L417-L419), 
> they're also automatically *applied* on startup.
>
>
> Cheers,
> Jochen
>
> On Wednesday, 30 March 2016 13:45:10 UTC+2, grayl...@gmx.de wrote:
>>
>> Hello,
>>
>> in the documentation of version 1.3 the "Auto content pack loader – download 
>> and install content packs automatically" feature is announced. But there is no 
>> documentation on how to use it.
>>
>> How can the "Auto content pack loader" be used to import configuration 
>> automatically?
>>
>> Thanx for help in advance!
>>
>>



[graylog2] Re: Content Pack Query

2016-03-30 Thread Jochen Schalanda
Hi Anant,

did you also apply the imported content pack in your new Graylog instance?

As a side note, you should upgrade to Graylog 1.3.4 which includes numerous 
bug-fixes over Graylog 1.1.6.


Cheers,
Jochen

On Wednesday, 30 March 2016 14:22:01 UTC+2, Anant Sawant wrote:
>
> Hi all!!
>
>
> I have installed version 1.1.6 of Graylog and have been using it for 
> more than six months. For some reasons I have installed the same version on 
> another machine (new setup), but I want to create the same streams and 
> dashboards. So I created the content pack from the old setup and imported 
> it to the new one, but I am not getting the dashboards and streams in the 
> new one. The new one is completely blank as I have not created any inputs 
> on it. What do I need to do to get the content packs working?
>
>
> Thanks In Advance!!
> Anant.
>



Re: [graylog2] Regex match not working

2016-03-30 Thread Edmundo Alvarez
Precisely. The condition is evaluated before the extractor runs, to check if it 
should attempt the extraction for that field or not.
Edmundo

> On 30 Mar 2016, at 13:03, Daniel Niasoff  wrote:
> 
> Are you saying that the regex condition works on the whole message not the 
> extracted field?
> 
> On Wednesday, 30 March 2016 10:16:48 UTC+1, Edmundo Alvarez wrote:
> Hi Daniel, 
> 
> The regex condition you use will always try to extract the 4th split element, 
> if there is a number in the whole message field, as it's the one you use for 
> the extractor. I guess some of your messages contain numbers, but not in the 
> place you want them to be. If that is the case, I would start by trying to 
> find a better pattern to differentiate between both messages. 
> 
> Regards, 
> Edmundo 
> 
> > On 29 Mar 2016, at 23:32, Daniel Niasoff  wrote: 
> > 
> > Hi 
> > 
> > I have an extractor that tried to extract a numeric field from a message. 
> > 
> > I am using split and index and field content can sometimes contain a "-" 
> > instead of a number. 
> > 
> > I have a regex pattern that checks for valid numerals -  "\d+" 
> > 
> > But Graylog still extracts the field even if it just contains a "-" which 
> > messes up statistics. 
> > 
> > Here is the config of the extractor. 
> > 
> > 
> >   { 
> >     "condition_type": "regex", 
> >     "condition_value": "\d+", 
> >     "converters": [ 
> >       { 
> >         "type": "numeric", 
> >         "config": {} 
> >       } 
> >     ], 
> >     "cursor_strategy": "copy", 
> >     "extractor_config": { 
> >       "index": 4, 
> >       "split_by": " ' %1B ' " 
> >     }, 
> >     "extractor_type": "split_and_index", 
> >     "order": 3, 
> >     "source_field": "message", 
> >     "target_field": "Client-Time-Taken", 
> >     "title": "Client-Time-Taken" 
> >   }, 
> > 
> > Any ideas? 
> > 
> > Thanks 
> > 
> > Daniel 
> > 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/04978e9f-c241-4201-8125-933e3808004a%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
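
The evaluation order Edmundo describes above, as an added example that is not part of the original thread and is not Graylog's own code: a small Python model of a split_and_index extractor guarded by a regex condition, run over constructed messages. The space delimiter, the sample messages, the stricter pattern and the match-anywhere regex semantics are assumptions made for this illustration.

```python
import re


def split_and_index(value, split_by, index):
    """Return the index-th token (1-based) of value, or None if it is missing."""
    parts = value.split(split_by)
    return parts[index - 1] if 1 <= index <= len(parts) else None


def run_extractor(message, extractor):
    """Model of the order described in the thread (not Graylog's own code).

    1. The regex condition is tested against the whole source field.
    2. Only if it matches does the split_and_index extraction run.
    Returns the extracted string, or None when nothing is extracted.
    """
    source = message.get(extractor["source_field"])
    if source is None:
        return None
    if extractor.get("condition_type") == "regex":
        # Assumption: the pattern may match anywhere in the field.
        if re.search(extractor["condition_value"], source) is None:
            return None
    cfg = extractor["extractor_config"]
    return split_and_index(source, cfg["split_by"], cfg["index"])


# The extractor from the thread, with a plain space as delimiter (assumption).
LOOSE = {
    "condition_type": "regex",
    "condition_value": r"\d+",
    "extractor_config": {"index": 4, "split_by": " "},
    "extractor_type": "split_and_index",
    "source_field": "message",
    "target_field": "Client-Time-Taken",
}

# Hypothetical stricter condition: the 4th space-separated token itself
# must consist of digits, so the condition describes the field being extracted.
STRICT = dict(LOOSE, condition_value=r"^(?:\S+ ){3}\d+(?: |$)")

# Constructed sample messages; the 4th token is the value of interest.
SAMPLES = {
    "number": {"message": "GET /index.html 200 153 10.0.0.5"},
    "dash": {"message": "GET /index.html 304 - 10.0.0.5"},
    "no_digits": {"message": "HEAD /ping - - localhost"},
}


def compare():
    """Return {sample name: (value with LOOSE, value with STRICT)}."""
    return {
        name: (run_extractor(msg, LOOSE), run_extractor(msg, STRICT))
        for name, msg in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (loose, strict) in compare().items():
        print(f"{name:10} loose={loose!r:7} strict={strict!r}")
```

With the loose `\d+` condition the "dash" sample still yields "-" because other parts of the message contain digits; the condition only blocks extraction when the whole field has no digit at all.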



[graylog2] How to use the Auto content pack loader

2016-03-30 Thread graylog2me
Hello,

in the documentation of version 1.3 the "Auto content pack loader – download 
and install content packs automatically" feature is announced. But there is no 
documentation on how to use it.

How can the "Auto content pack loader" be used to import configuration 
automatically?

Thanx for help in advance!



Re: [graylog2] Regex match not working

2016-03-30 Thread Daniel Niasoff
Are you saying that the regex condition works on the whole message not the 
extracted field?

On Wednesday, 30 March 2016 10:16:48 UTC+1, Edmundo Alvarez wrote:
>
> Hi Daniel, 
>
> The regex condition you use will always try to extract the 4th split 
> element, if there is a number in the whole message field, as it's the one 
> you use for the extractor. I guess some of your messages contain numbers, 
> but not in the place you want them to be. If that is the case, I would 
> start by trying to find a better pattern to differentiate between both 
> messages. 
>
> Regards, 
> Edmundo 
>
> > On 29 Mar 2016, at 23:32, Daniel Niasoff wrote: 
> > 
> > Hi 
> > 
> > I have an extractor that tried to extract a numeric field from a 
> > message. 
> > 
> > I am using split and index and field content can sometimes contain a "-" 
> > instead of a number. 
> > 
> > I have a regex pattern that checks for valid numerals -  "\d+" 
> > 
> > But Graylog still extracts the field even if it just contains a "-" 
> > which messes up statistics. 
> > 
> > Here is the config of the extractor. 
> > 
> > 
> >   { 
> >     "condition_type": "regex", 
> >     "condition_value": "\d+", 
> >     "converters": [ 
> >       { 
> >         "type": "numeric", 
> >         "config": {} 
> >       } 
> >     ], 
> >     "cursor_strategy": "copy", 
> >     "extractor_config": { 
> >       "index": 4, 
> >       "split_by": " ' %1B ' " 
> >     }, 
> >     "extractor_type": "split_and_index", 
> >     "order": 3, 
> >     "source_field": "message", 
> >     "target_field": "Client-Time-Taken", 
> >     "title": "Client-Time-Taken" 
> >   }, 
> > 
> > Any ideas? 
> > 
> > Thanks 
> > 
> > Daniel 
> > 
>
>



[graylog2] Re: Nodes- Connection to machines

2016-03-30 Thread Jochen Schalanda
Hi Sikender,

you cannot bind two inputs to the same network interface (in this case 
0.0.0.0:12201). One of those GELF TCP inputs has to use another port (e. g. 
12201 or anything above 1024).

Cheers,
Jochen

On Wednesday, 30 March 2016 00:22:22 UTC+2, sikender...@acesred.com wrote:
>
> Hi Jochen,
>
>
> Sure. Below are the snapshots of GELF-TCP input running and the other one 
> saying "Address already in use" 
>
> Can you please go through it and let me know where I am going wrong? I 
> have also attached the config files for reference. 
>
>
>
>
> Thank you
>



Re: [graylog2] Re: script from url was blocked due to mime type mismatch

2016-03-30 Thread Jochen Schalanda
Hi Amit,

the fix for this issue will be included in the next beta version of Graylog.

Cheers,
Jochen

On Tuesday, 29 March 2016 20:43:21 UTC+2, Amit Sharma wrote:
>
> HI team,
>
> I saw that https://github.com/Graylog2/graylog2-server/issues/1982 has been 
> resolved by Bernd.
>
> Can you please tell me what I need to do for the resolution?
>
> thanks
> amit
>



[graylog2] Json Rest Service

2016-03-30 Thread 'Pascal Homberg' via Graylog Users
Hello, I am new to this kind of work, but now I have a question.

I have a REST service that will send me log data in JSON format:

[{"level": "800","timestamp": "2016-03-30T08:48:53.679","message":"test message"},{...}]

Now I want to get these log files into Graylog. 
I tried using "json path from HTTP API".

But I do not receive any messages. The problem is I do not know how to fill 
in the form: 

URI of JSON: Address of my web service (it will give me JSON output when 
opened directly from the browser).
Interval: 1 minute
Json path of data to extract: tried something but do not really know what 
to enter here?

Hopefully someone can help me get this thing working!

Thank you



[graylog2] Re: broken link in your docs

2016-03-30 Thread Jochen Schalanda
Hi Ovidiu,

thanks again for reporting this! We've fixed the respective part of our 
documentation.

If you find more errors or unclear passages in our docs, you can simply 
create a GitHub issue at https://github.com/Graylog2/documentation/issues.


Cheers,
Jochen

On Wednesday, 30 March 2016 08:18:40 UTC+2, Ovidiu Pacuraru wrote:
>
> On this page: 
> http://docs.graylog.org/en/2.0/pages/installation/manual_setup.html there 
> is a broken link: 
> http://docs.oracle.com/javase/8/docs/technotes/tools/solaris/keytool.html
>



[graylog2] Re: Link to instructions on how to manually install the latest beta?

2016-03-30 Thread 'Ovidiu Pacuraru' via Graylog Users
Any help here? I am kinda lost. 
I even went ahead and got myself real certificates from StartSSL - can I 
use the same for the REST API and for the web interface? 
The web interface is now unreachable: http://edgar.ict-consult.co.za:9000/

Seeing these last few lines when restarting Graylog:
2016-03-30T09:03:23.231+02:00 WARN  [DeadEventLoggingListener] Received unhandled event of type  from event bus
2016-03-30T09:03:26.050+02:00 WARN  [discovery] [graylog-8d1d7900-84c4-4c2a-86e2-0169d47e7103] waited for 3s and no initial state was set by the discovery
2016-03-30T09:03:26.051+02:00 ERROR [ServiceManager] Service IndexerSetupService [FAILED] has failed in the STOPPING state.
java.lang.IllegalStateException: Can't move to started state when closed
    at org.elasticsearch.common.component.Lifecycle.canMoveToStarted(Lifecycle.java:116) ~[graylog.jar:?]
    at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:62) ~[graylog.jar:?]
    at org.elasticsearch.node.Node.start(Node.java:266) ~[graylog.jar:?]
    at org.graylog2.initializers.IndexerSetupService.startUp(IndexerSetupService.java:114) ~[graylog.jar:?]
    at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60) [graylog.jar:?]
    at com.google.common.util.concurrent.Callables$3.run(Callables.java:100) [graylog.jar:?]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_77]
2016-03-30T09:03:26.051+02:00 ERROR [ServerBootstrap] Graylog startup failed. Exiting. Exception was:
java.lang.IllegalStateException: Expected to be healthy after starting. The following services are not running: {STARTING=[RestApiService [STARTING], IndexerSetupService [STARTING]], FAILED=[WebInterfaceService [FAILED]]}
    at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.checkHealthy(ServiceManager.java:713) ~[graylog.jar:?]
    at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.awaitHealthy(ServiceManager.java:542) ~[graylog.jar:?]
    at com.google.common.util.concurrent.ServiceManager.awaitHealthy(ServiceManager.java:299) ~[graylog.jar:?]
    at org.graylog2.bootstrap.ServerBootstrap.startCommand(ServerBootstrap.java:122) [graylog.jar:?]
    at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:196) [graylog.jar:?]
    at org.graylog2.bootstrap.Main.main(Main.java:44) [graylog.jar:?]
2016-03-30T09:03:26.051+02:00 INFO  [ServiceManagerListener] Services are now stopped.
2016-03-30T09:03:26.052+02:00 WARN  [DeadEventLoggingListener] Received unhandled event of type  from event bus
2016-03-30T09:03:26.054+02:00 INFO  [Server] SIGNAL received. Shutting down.

I've tried reading through the HTTPS section here: 
http://docs.graylog.org/en/2.0/pages/installation/manual_setup.html but I 
am unsure what the KEY FILE is. StartSSL only gave me crt files. 

Any help is much appreciated :-( My current server.conf is at 
pastebin: http://pastebin.com/puPzwEN1

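On the "KEY FILE" question in the message above, as an added example that is not part of the original post or of Graylog's code: the key file is the private key created on the server together with the certificate request, which is why a CA hands back only .crt files. The script below checks that a key really belongs to a certificate and reports the key's PEM container. It assumes Graylog reads a PEM certificate plus an unencrypted PKCS#8 PEM key, and it uses a constructed self-signed pair for the placeholder name graylog.example.org in place of the CA-issued certificate.

```shell
#!/bin/sh
# Added example: every file below is a constructed throwaway, not a real CA-issued pair.

# Report the PEM container of a private key, read from its first line.
key_format() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        "-----BEGIN RSA PRIVATE KEY-----")       echo pkcs1 ;;
        *)                                       echo unknown ;;
    esac
}

# Succeed only if the public key inside certificate $1 is the one derived from
# private key $2. Unreadable or missing files count as a mismatch.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Create the sample files in directory $1. The self-signed certificate stands
# in for the .crt a CA returns; the key is generated locally and never sent.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=graylog.example.org" \
        -keyout "$1/generated.key" -out "$1/server.crt" 2>/dev/null || return 1
    # Rewrite the key as unencrypted PKCS#8 PEM (assumed to be what Graylog reads).
    openssl pkcs8 -topk8 -nocrypt -in "$1/generated.key" \
        -out "$1/server.key" || return 1
    # An unrelated key, as you would have if the original key had been lost.
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

dir=$(mktemp -d) && make_sample "$dir" || exit 1
echo "server.key format: $(key_format "$dir/server.key")"
for k in server.key other.key; do
    if key_matches_cert "$dir/server.crt" "$dir/$k"; then
        echo "$k matches server.crt"
    else
        echo "$k does NOT match server.crt"
    fi
done
rm -rf "$dir"
```

If the check fails for every key on the host, the certificate cannot be served from that host until a new request is generated from a key that is still available.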


[graylog2] broken link in your docs

2016-03-30 Thread 'Ovidiu Pacuraru' via Graylog Users
On this page: 
http://docs.graylog.org/en/2.0/pages/installation/manual_setup.html there 
is a broken link: 
http://docs.oracle.com/javase/8/docs/technotes/tools/solaris/keytool.html
