[graylog2] installed marvel - now seemed to have corrupted entire graylog db

[Jason Haar]

Hi there

Over the weekend I installed the ES marvel diagnostics package and the
following day noticed that graylog was broken. Restarting ES showed 20,000
shards in an UNASSIGNED state. I disabled graylog-server (so there was no
new data flowing in) and watched over the next couple of hours as that
UNASSIGNED number dropped down to 0 (and GREEN). I then restarted ES and -
bam - back to 20,000 UNASSIGNED shards again

I've now done three iterations of that - looks like it's completely borked.
There's over 5TB of data in there - how can I regain it?

PS: I don't know if this has anything to do with marvel - it's just the
last change I made. The reason I installed it was because I have had ES
continually doing this kind of thing - but previously stopping graylog,
restarting ES and waiting would lead to a happy ES - but no longer.

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAFChrgLkJYm6PnHRLVstu%3Dva%2BDLfRsG4qGHcy9piu2BZf_oWPA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Cannot access web-interface with preset login/password

[Milo Veozir]

>
> Jochen,
> I used your hash, and it's still giving me invalid credentials message. 
> Here is my entire server.conf file:
>
> On Tuesday, 5 April 2016 10:35:11 UTC+2, Milo Veozir wrote:
>>
>> Jochen,
>> I generated password's hash like that: echo -n "password" | sha256sum, 
>> and then i put that checksum in server.conf: root_password_sha2=mychecksum. 
>> Password's hash seems legit.
>>
>> вторник, 5 апреля 2016 г., 13:00:52 UTC+5 пользователь Jochen Schalanda 
>> написал:
>>>
>>> Hi Milo,
>>>
>>> how exactly did you generate the SHA-256 hash of your password? Where 
>>> exactly did you put that checksum? Are there any trailing or non-printable 
>>> characters around the password hash?
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 5 April 2016 06:24:26 UTC+2, Milo Veozir wrote:

 Hi everyone,
 I'm complete newbie in Graylog and following this tutorial

 https://www.digitalocean.com/community/tutorials/how-to-install-graylog-1-x-on-ubuntu-14-04
 I have problems with logging into the Graylog web-interface with 
 admin's login and password that i've set earlier.
 I've double checked shasum of my password, and still can not log in.
 Help, please



-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/622a26ce-5a1a-459a-855b-28ace6206990%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
# If you are running more than one instances of graylog2-server you have to 
select one of these
# instances as master. The master will perform some periodical tasks that 
non-masters won't perform.
is_master = true

# The auto-generated node ID will be stored in this file and read after 
restarts. It is a good idea
# to use an absolute file path here if you are starting graylog2-server from 
init scripts or similar.
node_id_file = /etc/graylog/server/node-id

# You MUST set a secret to secure/pepper the stored user passwords here. Use at 
least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96
password_secret=rtXuaazyQCw5TbWViBojvireNHWPrJ0p9A0QXF6YQLWs8cGI7nHcENlO7T7rV3E0rHMKr2gpMelERXKeyXtSPpyX6VscHFWC

# The default root user is named 'admin'
#root_username = admin

# You MUST specify a hash password for the root user (which you only need to 
initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface. If 
you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
root_password_sha2=5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

# The email address of the root user.
# Default is empty
#root_email = ""

# The time zone setting of the root user.
# The configured time zone must be parseable by 
http://www.joda.org/joda-time/apidocs/org/joda/time/DateTimeZone.html#forID-java.
lang.String-
# Default is UTC
#root_timezone = UTC

# Set plugin directory here (relative or absolute)
plugin_dir = /usr/share/graylog-server/plugin

# REST API listen URI. Must be reachable by other graylog2-server nodes if you 
run a cluster.
rest_listen_uri = http://127.0.0.1:12900/

# REST API transport address. Defaults to the value of rest_listen_uri. 
Exception: If rest_listen_uri
# is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system 
address is used.
# If set, his will be promoted in the cluster discovery APIs, so other nodes 
may try to connect on
# this address and it is used to generate URLs addressing entities in the REST 
API. (see rest_listen_uri)
# You will need to define this, if your Graylog server is running behind a HTTP 
proxy that is rewriting
# the scheme, host name or URI.
rest_transport_uri = http://172.0.0.1:12900/

# Enable CORS headers for REST API. This is necessary for JS-clients accessing 
the server directly.
# If these are disabled, modern browsers will not be able to retrieve resources 
from the server.
# This is disabled by default. Uncomment the next line to enable it.
#rest_enable_cors = true

# Enable GZIP support for REST API. This compresses API responses and therefore 
helps to reduce
# overall round trip times. This is disabled by default. Uncomment the next 
line to enable it.
#rest_enable_gzip = true

# Enable HTTPS support for the REST API. This secures the communication with 
the REST API with
# TLS to prevent request forgery and eavesdropping. This is disabled by 
default. Uncomment the
# next line to enable it.
#rest_enable_tls = true

# The X.509 certificate file to use for securing the REST API.
#rest_tls_cert_file = /path/to/graylog2.crt

# The private key to use for securing the REST API.

[graylog2] Finding a happy medium between performance and disk usage.

[BKeep]

Hi,

I have four data nodes and I am wondering if it makes sense to reduce the 
number from four to two and double up on the resources. I am trying to find 
a happy medium between performance and disk usage. The current data nodes 
are setup with 16GB of RAM and 4vCPU's but would it be better if I went 
with two data nodes, doubling the resources?

Basically, build two data nodes with 32GB of RAM and 8vCPU's. Has anyone 
done testing related to the performance impact of a move like this? Will 
the search performance ultimately stay about the same given that no other 
changes will be made except the change in replicas and shards to match a 
two node cluster vs a four node cluster?

I appreciate any feedback.
Brandon

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/894f6c3c-4ef5-4e0a-9265-1cc7d2982b55%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.