Re: [graylog2] Is there a way to directly generate count chart based on non-numeric values?

2016-05-19 Thread Nuttanart Pornprasitsakul
Hi Drew,

That's a neat trick! Thanks for sharing. Maybe changing type to *total*
instead of *sum* gives an even more accurate chart?

Thanks,

On Fri, May 20, 2016 at 9:17 AM Drew Miranda  wrote:

> Something I've done as a neat workaround is run the query to get a normal
> histogram, and then show the hidden field timestamp which exists on all
> messages. I then generate a chart using that field and change type from mean
> to sum. It will then give you a chart matching the histogram above. You can
> then repeat the process for other search terms and stack the charts.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Graylog Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/graylog2/csLsSJTg6j0/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/graylog2/0082c2a6-aacf-47e4-bfd4-02b4564c40b0%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAGv4AHp4x9nzXkMB3iwRsQao1MAOoz4Fs7mvWxpHSd3zdwhmFQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] new cluster install failing

2016-05-19 Thread Drew Miranda
Is your mongodb on a different host? You may need to edit the mongodb config. By 
default it only binds to 127.0.0.1 and isn't reachable from external hosts.



[graylog2] Is there a way to directly generate count chart based on non-numeric values?

2016-05-19 Thread Drew Miranda
Something I've done as a neat workaround is run the query to get a normal 
histogram, and then show the hidden field timestamp which exists on all 
messages. I then generate a chart using that field and change type from mean to 
sum. It will then give you a chart matching the histogram above. You can then 
repeat the process for other search terms and stack the charts.



Re: [graylog2] Re: Is there a way to directly generate count chart based on non-numeric values?

2016-05-19 Thread Nuttanart Pornprasitsakul
Got it. Thanks, Jochen.

On Thu, May 19, 2016 at 8:11 PM Jochen Schalanda  wrote:

> Hi Nuttanart,
>
> charts from non-numeric values (except "Quick Values") are currently not
> supported in Graylog.
>
> Cheers,
> Jochen
>
>
> On Thursday, 19 May 2016 06:44:58 UTC+2, Nuttanart Pornprasitsakul wrote:
>>
>> Hi,
>>
>> My messages have Event field which value could be something like
>> "user_signed_in", "order_created", "order_paid" and so on. How do I create
>> a line chart, each line represent total number of each event type message,
>> and all 3 lines in the same chart?
>>
>> I can think of one approach, always adding Count field with value 1 to
>> these messages, then generate chart of each event type with this Count
>> field. Is this the way to do it? Is it possible to create a count chart on
>> non-numeric value directly?
>>
>> Thanks
>>


[graylog2] new cluster install failing

2016-05-19 Thread john tombin
I've installed a new graylog2 cluster, with the following components: 3 
graylog2 servers, 3 elasticsearch servers, and a mongodb cluster. The 
mongodb cluster has 2 mongos routers, 3 config servers, and 2 shard servers.

When I initially start up graylog everything appears fine in the logs. 
When I connect to port 9000 of one of the hosts, it initially loads and 
provides username and password box, but then shows an error bad request for 
GET http://10.110.1.48:12900/system/sessions.

When looking at the server.log file I see a lot of the following:

2016-05-19 23:50:18,464 WARN : org.mongodb.driver.connection - Got socket exception on connection [connectionId{localValue:23}] to mongodb.vip.hostname.com:27017. All connections to mongodb.vip.hostname.com:27017 will be closed.

2016-05-19 23:50:18,464 INFO : org.mongodb.driver.connection - Closed connection [connectionId{localValue:23}] to mongodb.vip.hostname.com:27017 because there was a socket exception raised by this connection.

2016-05-19 23:50:18,464 WARN : org.graylog2.events.ClusterEventPeriodical - Error while reading cluster events from MongoDB, retrying.
com.mongodb.MongoSocketReadException: Prematurely reached end of stream
    at com.mongodb.connection.SocketStream.read(SocketStream.java:88) ~[graylog.jar:?]
    at com.mongodb.connection.InternalStreamConnection.receiveResponseBuffers(InternalStreamConnection.java:491) ~[graylog.jar:?]
    at com.mongodb.connection.InternalStreamConnection.receiveMessage(InternalStreamConnection.java:221) ~[graylog.jar:?]
    at com.mongodb.connection.UsageTrackingInternalConnection.receiveMessage(UsageTrackingInternalConnection.java:102) ~[graylog.jar:?]
    at com.mongodb.connection.DefaultConnectionPool$PooledConnection.receiveMessage(DefaultConnectionPool.java:435) ~[graylog.jar:?]
    at com.mongodb.connection.QueryProtocol.execute(QueryProtocol.java:297) ~[graylog.jar:?]
    at com.mongodb.connection.QueryProtocol.execute(QueryProtocol.java:54) ~[graylog.jar:?]
    at com.mongodb.connection.DefaultServer$DefaultServerProtocolExecutor.execute(DefaultServer.java:159) ~[graylog.jar:?]
    at com.mongodb.connection.DefaultServerConnection.executeProtocol(DefaultServerConnection.java:286) ~[graylog.jar:?]
    at com.mongodb.connection.DefaultServerConnection.query(DefaultServerConnection.java:209) ~[graylog.jar:?]
    at com.mongodb.operation.FindOperation$1.call(FindOperation.java:496) ~[graylog.jar:?]
    at com.mongodb.operation.FindOperation$1.call(FindOperation.java:482) ~[graylog.jar:?]
    at com.mongodb.operation.OperationHelper.withConnectionSource(OperationHelper.java:239) ~[graylog.jar:?]
    at com.mongodb.operation.OperationHelper.withConnection(OperationHelper.java:212) ~[graylog.jar:?]
    at com.mongodb.operation.FindOperation.execute(FindOperation.java:482) ~[graylog.jar:?]
    at com.mongodb.operation.FindOperation.execute(FindOperation.java:79) ~[graylog.jar:?]
    at com.mongodb.Mongo.execute(Mongo.java:772) ~[graylog.jar:?]
    at com.mongodb.Mongo$2.execute(Mongo.java:759) ~[graylog.jar:?]
    at com.mongodb.DBCursor.initializeCursor(DBCursor.java:851) ~[graylog.jar:?]
    at com.mongodb.DBCursor.hasNext(DBCursor.java:152) ~[graylog.jar:?]
    at org.mongojack.DBCursor.hasNext(DBCursor.java:330) ~[graylog.jar:?]
    at org.graylog2.events.ClusterEventPeriodical.doRun(ClusterEventPeriodical.java:154) [graylog.jar:?]
    at org.graylog2.plugin.periodical.Periodical.run(Periodical.java:77) [graylog.jar:?]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_91]
    at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:1.8.0_91]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_91]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:1.8.0_91]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_91]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_91]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_91]

2016-05-19 23:50:18,465 INFO : org.mongodb.driver.cluster - No server chosen by WritableServerSelector from cluster description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE, all=[ServerDescription{address=mongodb.vip.hostname.com:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 3 ms before timing out

2016-05-19 23:50:18,473 INFO : org.mongodb.driver.connection - Closed connection [connectionId{localValue:21}] to mongodb.vip.hostname.com:27017 because there was a socket exception raised on another connection from this pool.

2016-05-19 23:50:18,474 INFO : org.mongodb.driver.connection - Closed connection [connectionId{localValue:24}] to mongodb.vip.hostname.com:27017 because there was a socket exception raised on another connection from this pool.

2016-05-19 23:50:18,474 INFO : 

[graylog2] Re: Graylog collector side car

2016-05-19 Thread Michael Taylor
I think collector_sidecar.yml installs with a Linux path for the 
configuration even in Windows. Fix the path and make sure the user running 
collector-sidecar has rights to write in the folder. Mine looks like this:

server_url: http://:12900
node_id:
collector_id: file:C:\Program Files (x86)\graylog\collector-sidecar\collector-id
tags:
- windowsserver
log_path: C:\Program Files (x86)\graylog\collector-sidecar
update_interval: 10
backends:
- name: nxlog
  enabled: true
  binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
  configuration_path: C:\Program Files (x86)\graylog\collector-sidecar\generated\nxlog.conf



On Thursday, May 19, 2016 at 9:26:40 AM UTC-4, sangh wrote:
>
> Hi,
> I am trying to install the collector side car. I have an error  " ERRO[] 
> [nxlog] Collector exits immediately, this should not happen! Please check 
> your collector configuration!
>
>  " the error seems to be with the 
> /etc/graylog/collector-sidecar/generated/nxlog.conf.  For those who 
> succeeded to install the collector can they post the content of nxlog.conf
> Thanks 
>



[graylog2] Re: Graylog collector side car

2016-05-19 Thread Michael Taylor


On Thursday, May 19, 2016 at 9:26:40 AM UTC-4, sangh wrote:
>
> Hi,
> I am trying to install the collector side car. I have an error  " ERRO[] 
> [nxlog] Collector exits immediately, this should not happen! Please check 
> your collector configuration!
>
>  " the error seems to be with the 
> /etc/graylog/collector-sidecar/generated/nxlog.conf.  For those who 
> succeeded to install the collector can they post the content of nxlog.conf
> Thanks 
>


define ROOT C:\Program Files (x86)\nxlog

Module xm_gelf

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO

Module xm_fileop
When @daily
Exec file_cycle('%ROOT%\data\nxlog.log', 7);

Module im_msvistalog
PollInterval 1
SavePos True
ReadFromLast True

Module om_tcp
Host 
Port 12201
OutputType GELF_TCP
Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
Exec $gl2_source_collector = '3647af87-d8a7-46ef-a7c7-3b409dc9e49d';
Exec $Hostname = hostname_fqdn();

Path 573cce844cedfd000110881f => 573cce464cedfd00011087dd





[graylog2] Re: installing graylog collector sidecar in windows 10 64bit not working nxlog.exe not create in generted folder

2016-05-19 Thread Michael Taylor
Are you thinking of nxlog.conf?

nxlog.exe comes from installing nxlog separately. The sidecar creates 
nxlog.conf and runs the nxlog service using it.

On Thursday, May 19, 2016 at 9:20:06 AM UTC-4, rvb n wrote:
>
> installing graylog collector sidecar in windows 10 64bit not working 
> nxlog.exe not create in generated folder
>



[graylog2] Re: Graylog 2 - CentOS 7 - Server Currently Unavailable

2016-05-19 Thread Arvind T
Am also facing the same issue.
Has anyone figured it out?




On Thursday, May 19, 2016 at 2:42:09 AM UTC+5:30, Chris Chalmers wrote:
>
> I have just tried IE11 I'm getting the same result as Chrome and Firefox. 
>
> Interestingly I tried going to the URL direct and got an error message 
> from our Web proxy (Squid) that wasn't displayed anywhere before "The 
> following error was encountered while trying to retrieve the URL: 
> http://10.251.0.90:12900/system/cluster/node. Access Denied. Access 
> control configuration prevents your request from being allowed at this 
> time.". 
>
> Disabled the proxy in IE Settings then I was able to get the login page 
> but after 10-15 secs I would get the 'Server Currently Available' again. 
>
> iptables was on at this point so I disabled that as-well and now I am able 
> to login successfully and browse between tabs. 
>
> -A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -p udp -m udp --dport 514 -j ACCEPT
> -A INPUT -p udp -m udp --dport 12201 -j ACCEPT
> -A INPUT -p udp -m udp --dport 12900 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT
>
> 1. I'll need to look into the Squid issue where it's getting blocked. 
> 2. Although there is a rule for iptables something is still blocking here 
> as well.
>
>
> On Wednesday, May 18, 2016 at 9:42:13 PM UTC+1, Richard Davis wrote:
>>
>> I'm seeing something similar playing around with 2.0.1 oddly it seems to 
>> only affect Chrome and Firefox as it seems to work ok within IE 11. from 
>> the console in Chrome its showing when its trying to send a request to 
>> http://ip.address:12900/system/sessions however i can hit the URL within 
>> the browser and get back "{"is_valid":false}" so tcp/12900 is open and 
>> working. Attached screenshot of what console is showing.
>>
>>
>>
>> On Wednesday, May 18, 2016 at 11:47:41 AM UTC-5, Chris Chalmers wrote:
>>>
>>> Hi All,
>>>
>>> I recently installed Graylog 2 using this guide: 
>>> http://www.systeen.com/2016/05/12/install-graylog-2-0-centos-7-collect-windows-logs/
>>>
>>> It was working for a couple of days I added around 10 Windows servers 
>>> using NXLog and could see all of the events coming in. Since this morning 
>>> when I go to the webpage I can't get past -
>>>
>>> Error message: Bad request
>>> Original Request: GET http://10.251.0.90:12900/system/sessions
>>> Status code: undefined
>>> Full error message: Error: Request has been terminated Possible causes: the network 
>>> is offline, Origin is not allowed by Access-Control-Allow-Origin, the page 
>>> is being unloaded, etc.
>>>
>>> I have restarted the individual services (graylog-server, elasticsearch 
>>> and mongod), restarted the server, disabled iptables and selinux is 
>>> disabled. 
>>>
>>> The logs all look clean 
>>> - /var/log/graylog-server/server.log, /var/log/elasticsearch/graylog.log 
>>> and /var/log/mongodb/mongod.log. 
>>>
>>> Has anyone else come across the same issue? Are there any other logs I 
>>> can look at?
>>>
>>> Thanks,
>>>
>>> Chris
>>>
>>
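
The iptables rules quoted in this thread can be compared mechanically with the listeners the browser has to reach. This is an added example, not part of the original messages; it assumes the web interface (9000) and REST API (12900) are TCP listeners, going by the http:// URLs in the thread, and the names `REQUIRED`, `parse_accepts` and `audit` are hypothetical.

```python
import shlex

# Rules copied from the post quoted above (iptables-save "-A" syntax).
RULES = """\
-A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -p udp -m udp --dport 12201 -j ACCEPT
-A INPUT -p udp -m udp --dport 12900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT
"""

# Assumption: what a browser must reach, going by the http:// URLs in this thread.
REQUIRED = {
    ("tcp", 9000): "Graylog web interface",
    ("tcp", 12900): "Graylog REST API",
}


def parse_accepts(rules_text, chain="INPUT"):
    """Return (proto, low_port, high_port) for every simple ACCEPT rule in `chain`.

    Rule order, source filters, interfaces and the chain's default policy are
    not evaluated, so a hit means "a rule exists", not "traffic passes".
    """
    accepts = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", chain] or "!" in tokens:
            continue  # other chains and negated matches are not handled here
        opts = dict(zip(tokens[2:], tokens[3:]))  # each option -> the token after it
        if opts.get("-j") != "ACCEPT" or "-p" not in opts:
            continue
        spec = opts.get("--dport") or opts.get("--dports")
        if not spec:
            continue
        for part in spec.split(","):          # multiport lists: 80,443
            low, _, high = part.partition(":")  # ranges: 12000:12999
            accepts.append((opts["-p"], int(low), int(high or low)))
    return accepts


def covered(accepts, proto, port):
    """True if some ACCEPT rule names this protocol and includes this port."""
    return any(p == proto and lo <= port <= hi for p, lo, hi in accepts)


def audit(rules_text, required=REQUIRED):
    """List required listeners that have no rule, or a rule for the wrong protocol."""
    accepts = parse_accepts(rules_text)
    findings = []
    for (proto, port), name in sorted(required.items()):
        if covered(accepts, proto, port):
            continue
        other = "udp" if proto == "tcp" else "tcp"
        if covered(accepts, other, port):
            findings.append(
                f"{name}: port {port} is accepted for {other}, but the listener is {proto}"
            )
        else:
            findings.append(f"{name}: no ACCEPT rule for {proto}/{port}")
    return findings


if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```
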



[graylog2] installing graylog collector sidecar in windows 10 64bit not working nxlog.exe not create in generted folder

2016-05-19 Thread rvb n
installing graylog collector sidecar in windows 10 64bit not working 
nxlog.exe not create in generated folder



[graylog2] Re: Graylog indicies

2016-05-19 Thread kaiser
The same here, the other solutions don't work

On Tuesday, 17 May 2016 02:59:49 UTC+2, Mark Moorcroft wrote:
>
>
> Personally I changed all the references to graylog in the conf files back 
> to graylog2, and so far no issues with that stuff. All my indices came back 
> as expected.
>
> On Thursday, May 12, 2016 at 11:52:22 PM UTC-7, kaiser wrote:
>>
>> Hello,
>>
>> I have updated graylog with current version 2.0
>>
>> After the update new indices are prefixed with graylog.
>>
>> My indices prefixed by graylog2 from graylog 1.3.4 are not displayed in 
>> graylog.
>>
>> Is there a way to add them?
>>
>> regards.
>>
>



[graylog2] Re: Read offset {} before start of log at {}

2016-05-19 Thread Dilip Muthukrishnan
Thanks, Jochen!  That worked.

Sincerely,
Dilip M.

On Thursday, May 19, 2016 at 8:19:53 AM UTC-4, Jochen Schalanda wrote:
>
> Hi Dilip,
>
> please try deleting the files in the message_journal_dir (
> https://github.com/Graylog2/graylog2-server/blob/2.0.1/misc/graylog.conf#L328-L330)
>  
> and restart Graylog.
>
> Cheers,
> Jochen
>
> On Wednesday, 18 May 2016 19:15:53 UTC+2, Dilip Muthukrishnan wrote:
>>
>> I should mention that I'm trying to setup Graylog 2.0.1 with 
>> Elasticsearch 2.3.2.  However, I've not been able to get any of my inputs 
>> to work so far.
>>
>> Here is my Elasticsearch configuration:
>>
>> cluster.name: graylog2
>> network.host: vtor-lx-tomcat-d01
>> discovery.zen.ping.unicast.hosts: ["vtor-lx-tomcat-d01:9300"]
>> script.inline: false
>> script.indexed: false
>> script.file: false
>>
>> Here is my Graylog server configuration:
>>
>> is_master = true
>> node_id_file = /bns/home/tomcat/graylog/graylog-2.0.1/server/node-ID
>> password_secret = december
>> root_password_sha2 = 8745f86640ad2ed6b8a2fd428845df3daa1cfcdba9ef74c0cfaa57cacec34f5b
>> plugin_dir = plugin
>> rest_listen_uri = http://vtor-lx-tomcat-d01:12900/
>> web_listen_uri = http://vtor-lx-tomcat-d01:9000/
>> rotation_strategy = count
>> elasticsearch_max_docs_per_index = 2000
>> elasticsearch_max_number_of_indices = 20
>> retention_strategy = delete
>> elasticsearch_shards = 4
>> elasticsearch_replicas = 0
>> elasticsearch_index_prefix = graylog2
>> allow_leading_wildcard_searches = true
>> allow_highlighting = true
>> elasticsearch_cluster_name = graylog2
>> elasticsearch_discovery_zen_ping_unicast_hosts = vtor-lx-tomcat-d01:9300
>> elasticsearch_analyzer = whitespace
>> output_batch_size = 500
>> output_flush_interval = 1
>> output_fault_count_threshold = 5
>> output_fault_penalty_seconds = 30
>> processbuffer_processors = 5
>> outputbuffer_processors = 3
>> processor_wait_strategy = blocking
>> ring_size = 65536
>> inputbuffer_ring_size = 65536
>> inputbuffer_processors = 2
>> inputbuffer_wait_strategy = blocking
>> message_journal_enabled = true
>> message_journal_dir = data/journal
>> lb_recognition_period_seconds = 3
>> mongodb_uri = mongodb://vtor-lx-tomcat-d01:27017/graylog2
>> mongodb_max_connections = 1000
>> mongodb_threads_allowed_to_block_multiplier = 5
>> transport_email_enabled = true
>> transport_email_hostname = TORACCHUB01.accounts.dundeecorp.com
>> transport_email_port = 25
>> transport_email_use_auth = false
>> transport_email_use_tls = false
>> transport_email_use_ssl = false
>> transport_email_subject_prefix = [graylog]
>> transport_email_from_email = gra...@example.com 
>> content_packs_auto_load = grok-patterns.json
>>
>>
>> On Tuesday, May 17, 2016 at 1:35:19 PM UTC-4, Dilip Muthukrishnan wrote:
>>>
>>> Hi,
>>>
>>> I keep seeing the following error my logs whenever I start the server. 
>>>  What's causing it and how can it be resolved?
>>>
>>> 2016-05-17 13:12:14,740 ERROR: org.graylog2.shared.journal.KafkaJournal 
>>> - Read offset 0 before start of log at 2523, starting to read from the 
>>> beginning of the journal.
>>>
>>> Sincerely,
>>>
>>> Dilip M.
>>>
>>



[graylog2] Re: Beats plugin from Graylog vs. sivasamyk

2016-05-19 Thread Jochen Schalanda
Hi,

if the 3rd party plugin is working for you, there's no reason to switch 
right now.

> I understand from Lennart that Graylog 2.0 was meant to provide backwards 
> compatibility with 1.x plugins -- so that's likely why it works.


That's more or less by accident. Graylog 2.0.x is not explicitly compatible 
with plugins written for Graylog 1.x.


Cheers,
Jochen

On Wednesday, 18 May 2016 23:35:57 UTC+2, Frederic Desjarlais wrote:
>
>
> Hi Jochen -- we've been using the 3rd party one made by Sivasamy Kaliappan 
> with Graylog 2.0 (since alpha) without any issues.  I understand from 
> Lennart that Graylog 2.0 was meant to provide backwards compatibility with 
> 1.x plugins -- so that's likely why it works.
>
> Does the 'official' one (from Graylog) make use of any specific 2.x 
> features/APIs (now or forthcoming)?  Things have been stable with the 3rd 
> party plugin -- so we're hesitant to move.  That said, with the upcoming 
> 5.0 Beats, it's likely that changes may be needed at some point (e.g. input 
> format changes, or similar).
>
> Thanks,
> Frederic
>
>
>
> On Tuesday, May 17, 2016 at 3:52:13 AM UTC-7, Jochen Schalanda wrote:
>>
>> Hi Frederic,
>>
>> both plugins add support for the Elastic Beats platform to Graylog. The 
>> 3rd party one made by Sivasamy Kaliappan supports Graylog 1.x, while the 
>> official one provided by Graylog, Inc. supports Graylog 2.x and later.
>>
>> Cheers,
>> Jochen
>>
>> On Friday, 13 May 2016 19:11:10 UTC+2, Frederic Desjarlais wrote:
>>>
>>> Hi,
>>>
>>> With Graylog 2.0.0 (pre-GA), we've been using the Beats plugin from 
>>> https://github.com/sivasamyk/graylog-beats-plugin 
>>> 
>>>  
>>> and we recently noticed that Graylog now offers a Beats plugin at 
>>> https://github.com/Graylog2/graylog-plugin-beats .
>>>
>>> Could someone describe the difference between these plugins?
>>>
>>> Thanks,
>>> Frederic
>>>
>>>
>>>



[graylog2] Re: Read offset {} before start of log at {}

2016-05-19 Thread Jochen Schalanda
Hi Dilip,

please try deleting the files in the message_journal_dir (
https://github.com/Graylog2/graylog2-server/blob/2.0.1/misc/graylog.conf#L328-L330)
 
and restart Graylog.

Cheers,
Jochen

On Wednesday, 18 May 2016 19:15:53 UTC+2, Dilip Muthukrishnan wrote:
>
> I should mention that I'm trying to setup Graylog 2.0.1 with Elasticsearch 
> 2.3.2.  However, I've not been able to get any of my inputs to work so far.
>
> Here is my Elasticsearch configuration:
>
> cluster.name: graylog2
> network.host: vtor-lx-tomcat-d01
> discovery.zen.ping.unicast.hosts: ["vtor-lx-tomcat-d01:9300"]
> script.inline: false
> script.indexed: false
> script.file: false
>
> Here is my Graylog server configuration:
>
> is_master = true
> node_id_file = /bns/home/tomcat/graylog/graylog-2.0.1/server/node-ID
> password_secret = december
> root_password_sha2 = 8745f86640ad2ed6b8a2fd428845df3daa1cfcdba9ef74c0cfaa57cacec34f5b
> plugin_dir = plugin
> rest_listen_uri = http://vtor-lx-tomcat-d01:12900/
> web_listen_uri = http://vtor-lx-tomcat-d01:9000/
> rotation_strategy = count
> elasticsearch_max_docs_per_index = 2000
> elasticsearch_max_number_of_indices = 20
> retention_strategy = delete
> elasticsearch_shards = 4
> elasticsearch_replicas = 0
> elasticsearch_index_prefix = graylog2
> allow_leading_wildcard_searches = true
> allow_highlighting = true
> elasticsearch_cluster_name = graylog2
> elasticsearch_discovery_zen_ping_unicast_hosts = vtor-lx-tomcat-d01:9300
> elasticsearch_analyzer = whitespace
> output_batch_size = 500
> output_flush_interval = 1
> output_fault_count_threshold = 5
> output_fault_penalty_seconds = 30
> processbuffer_processors = 5
> outputbuffer_processors = 3
> processor_wait_strategy = blocking
> ring_size = 65536
> inputbuffer_ring_size = 65536
> inputbuffer_processors = 2
> inputbuffer_wait_strategy = blocking
> message_journal_enabled = true
> message_journal_dir = data/journal
> lb_recognition_period_seconds = 3
> mongodb_uri = mongodb://vtor-lx-tomcat-d01:27017/graylog2
> mongodb_max_connections = 1000
> mongodb_threads_allowed_to_block_multiplier = 5
> transport_email_enabled = true
> transport_email_hostname = TORACCHUB01.accounts.dundeecorp.com
> transport_email_port = 25
> transport_email_use_auth = false
> transport_email_use_tls = false
> transport_email_use_ssl = false
> transport_email_subject_prefix = [graylog]
> transport_email_from_email = gray...@example.com
> content_packs_auto_load = grok-patterns.json
>
>
> On Tuesday, May 17, 2016 at 1:35:19 PM UTC-4, Dilip Muthukrishnan wrote:
>>
>> Hi,
>>
>> I keep seeing the following error my logs whenever I start the server. 
>>  What's causing it and how can it be resolved?
>>
>> 2016-05-17 13:12:14,740 ERROR: org.graylog2.shared.journal.KafkaJournal - 
>> Read offset 0 before start of log at 2523, starting to read from the 
>> beginning of the journal.
>>
>> Sincerely,
>>
>> Dilip M.
>>
>
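
The graylog.conf quoted in this thread carries several settings worth checking before a node goes on a shared network. The following is an added example, not part of the original messages or of Graylog itself: it audits a constructed sample that mirrors those settings (hostname and password are placeholders), and the 64-character minimum for `password_secret` is a threshold assumed for this example.

```python
import hashlib
import re
import secrets
from urllib.parse import urlsplit

MIN_SECRET_LEN = 64  # assumption for this example; set to local policy
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample mirroring the settings posted in the thread.
SAMPLE = f"""\
# graylog.conf (constructed)
password_secret = december
root_password_sha2 = {hashlib.sha256(b"constructed-example").hexdigest()}
rest_listen_uri = http://graylog.example.org:12900/
web_listen_uri = http://graylog.example.org:9000/
mongodb_uri = mongodb://graylog.example.org:27017/graylog2
transport_email_enabled = true
transport_email_use_tls = false
transport_email_use_ssl = false
"""


def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def _remote(uri):
    """True if the URI names a host other than loopback."""
    host = urlsplit(uri).hostname
    return host is not None and host not in LOOPBACK


def audit(conf):
    """Return (key, problem) pairs for settings that weaken the deployment."""
    findings = []
    secret = conf.get("password_secret", "")
    if len(secret) < MIN_SECRET_LEN:
        findings.append(("password_secret", f"only {len(secret)} characters"))
    if not re.fullmatch(r"[0-9a-fA-F]{64}", conf.get("root_password_sha2", "")):
        findings.append(("root_password_sha2", "not a 64-digit hex SHA-256 value"))
    for key in ("rest_listen_uri", "web_listen_uri"):
        uri = conf.get(key, "")
        if uri.startswith("http://") and _remote(uri):
            findings.append((key, "plain HTTP on a non-loopback address"))
    mongo_uri = conf.get("mongodb_uri", "")
    if mongo_uri.startswith("mongodb://") and _remote(mongo_uri) \
            and urlsplit(mongo_uri).username is None:
        findings.append(("mongodb_uri", "remote MongoDB without credentials in the URI"))
    if conf.get("transport_email_enabled") == "true" \
            and conf.get("transport_email_use_tls") != "true" \
            and conf.get("transport_email_use_ssl") != "true":
        findings.append(("transport_email_use_tls", "mail transport without TLS/SSL"))
    return findings


def new_credentials(root_password):
    """Fresh values: a random secret and the SHA-256 hex digest of the admin password."""
    return {
        "password_secret": secrets.token_urlsafe(72),  # 72 random bytes -> 96 characters
        "root_password_sha2": hashlib.sha256(root_password.encode()).hexdigest(),
    }


if __name__ == "__main__":
    for key, problem in audit(parse_conf(SAMPLE)):
        print(f"{key}: {problem}")
```
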



[graylog2] Re: Plugins with Docker

2016-05-19 Thread Jochen Schalanda
Hi Michael,

that's exactly how it's supposed to work.

Alternatively you could override the plugin_dir configuration setting with 
the GRAYLOG_PLUGIN_DIR environment variable and mount the volume in another 
path.

Cheers,
Jochen

On Wednesday, 18 May 2016 21:56:32 UTC+2, Michael Taylor wrote:
>
> Do you guys recommend a way to install plugins with the Docker image? I 
> was going to link the container's plugins directory to a directory on the 
> host like this:
>
> docker run -t \
>   *ports and stuff*
>   -v /graylog2/server/plugins:/usr/share/graylog/plugins  \
>   *other stuff*
>   graylog2/server:2.0.1-2
>
> Then put the plugin jar files in /graylog2/server/plugins.
>
> Anyone see a problem with this?
>
>



[graylog2] Re: Sidecar collector is now a plugin?

2016-05-19 Thread Jochen Schalanda
Hi Michael,

> Is this how the collector functionality will work going forward?

Yes, the complete collector functionality has been moved into the plugin.

> The base installation still has a collector page under System/Collectors, 
> is that page going to go away or stop working without the plugin installed?

The Graylog packages (tar-ball, DEB, RPM) and virtual machine images come 
with the Collector plugin preinstalled. If you removed that plugin, the 
page under System/Collectors would disappear.

Cheers,
Jochen



[graylog2] Re: Is there a way to directly generate count chart based on non-numeric values?

2016-05-19 Thread Jochen Schalanda
Hi Nuttanart,

charts from non-numeric values (except "Quick Values") are currently not 
supported in Graylog.

Cheers,
Jochen

On Thursday, 19 May 2016 06:44:58 UTC+2, Nuttanart Pornprasitsakul wrote:
>
> Hi,
>
> My messages have Event field which value could be something like 
> "user_signed_in", "order_created", "order_paid" and so on. How do I create 
> a line chart, each line represent total number of each event type message, 
> and all 3 lines in the same chart?
>
> I can think of one approach, always adding Count field with value 1 to 
> these messages, then generate chart of each event type with this Count 
> field. Is this the way to do it? Is it possible to create a count chart on 
> non-numeric value directly?
>
> Thanks
>



[graylog2] Re: Graylog2 + EDGE

2016-05-19 Thread Jochen Schalanda
Hi Tomas,

this sounds like the issue described 
in https://groups.google.com/d/msg/graylog2/EhHIX-jcXdM/f7-c3vEPAwAJ and 
will be fixed in the upcoming Graylog 2.0.2 release.

Cheers,
Jochen

On Wednesday, 18 May 2016 22:10:51 UTC+2, Tomas P wrote:
>
> Hi,
> if I use Edge (Win10) and Graylog2 then I see green bar "something 
> created/added" but I can't see it (after I use CTRL+F5 I see still nothing). 
> If I use Firefox, then I see everything what I created in Edge and can work 
> with GL2.
>
>  
>



[graylog2] Re: load balancer

2016-05-19 Thread Jochen Schalanda
Hi,

no, load balancers are not required to run multiple Graylog nodes in a 
cluster.

Cheers,
Jochen

On Wednesday, 18 May 2016 15:18:58 UTC+2, kaiser wrote:
>
> Hi Jochen 
>
> Is load balancer mandatory to use multiple graylog nodes?
>
> Regards
>



[graylog2] Can you import Exchange 2013 Audit logs into Graylog?

2016-05-19 Thread Rob
Hi,

I have my Windows Event logs going to my Graylog servers like a charm - it's 
great.

With Exchange 2013 if you turn on Auditing the logs are stored with the 
user's mailbox and not in the Event log.

You can purchase 3rd party apps like Netwrix to send them to the Event log.

Is there a plugin or way to get the logs into Graylog say via nxlog without 
using a paid 3rd party app?

There is a way to export the logs to an xml file - so maybe a scheduled 
task could be created to create the xml files and the nxlog could send to 
Graylog?

Any suggestions, tips or pointing me to some doco or plugins would be much 
appreciated.
