Re: [graylog2] Re: Extractor help - domain name only

2016-07-14 Thread Zoizo
Hi,

I tested your second regex (what I need is the two words, facebook.com) and 
it works fine when there are three or more words, and sadly doesn't when 
there are exactly two words (http://facebook.com for example).
Is there a way to add an alternation to the regex, like, if the first regex 
doesn't match any group, try GET [a-z]+://([^/]+)/ instead?
I tried this: GET [a-z]+://[^/]+\.([^/]+\.[^/]+)/ | GET [a-z]+://([^/]+)/ 
but it says nothing will be extracted. I must have made a syntax mistake 
since I haven't used that before.

Thanks lots!

On Thursday, July 14, 2016 at 11:33:10 AM UTC+4, Jason Haar wrote:
>
>
> On Wed, Jul 13, 2016 at 10:57 PM, Zoizo wrote:
>
>> Well I'm a moron and forgot domain names could have more than two words 
>> too so, I'm kinda lost as to what I can do here ^^'
>>
>
> Try a regex like "GET [a-z]+?://[^\.]+\.([^/]+)/"
>
> On "facebook.com" that would match "com". Assuming that's what you want 
> of course (I stick to "GET [a-z]+://([^/]+)/" myself)
>
> If you want the last two, then "GET [a-z]+://[^/]+\.([^/]+\.[^/]+)/" 
> should do that
>
> I know "https?" would be better - but I'm not near graylog at the moment 
> and I don't know if its weird Java-based regex library supports that - so 
> I stuck with [a-z]+ to match "http" and "https" (and I guess "ftp" too)
>
>
> -- 
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/659dbe1a-9cbc-4262-b3ae-b84a4b7cfdd2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [graylog2] Re: Extractor help - domain name only

2016-07-14 Thread Zoizo
Hi,

I tried your second regex (I need the two words, yes), and it works fine! 
There is one problem though, it doesn't work when there are exactly two 
words, because it does not find the first [^/]. How can I say in the regex 
that the [^/] is optional, please?

Thanks lots.

On Thursday, July 14, 2016 at 11:33:10 AM UTC+4, Jason Haar wrote:
>
>
> On Wed, Jul 13, 2016 at 10:57 PM, Zoizo wrote:
>
>> Well I'm a moron and forgot domain names could have more than two words 
>> too so, I'm kinda lost as to what I can do here ^^'
>>
>
> Try a regex like "GET [a-z]+?://[^\.]+\.([^/]+)/"
>
> On "facebook.com" that would match "com". Assuming that's what you want 
> of course (I stick to "GET [a-z]+://([^/]+)/" myself)
>
> If you want the last two, then "GET [a-z]+://[^/]+\.([^/]+\.[^/]+)/" 
> should do that
>
> I know "https?" would be better - but I'm not near graylog at the moment 
> and I don't know if its weird Java-based regex library supports that - so 
> I stuck with [a-z]+ to match "http" and "https" (and I guess "ftp" too)
>
>
> -- 
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
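
Added example, not part of the original posts: it runs the two patterns quoted in this thread and one added pattern with an optional non-capturing prefix over constructed proxy-style lines. The sample lines, the names and the assumption that the extractor stores only capture group 1 belong to this example; Python's re is used, and the constructs involved are also valid in java.util.regex.

```python
import re

# Patterns quoted in the thread, copied as typed.
LAST_TWO = r"GET [a-z]+://[^/]+\.([^/]+\.[^/]+)/"
ALTERNATION_AS_TYPED = (
    r"GET [a-z]+://[^/]+\.([^/]+\.[^/]+)/ | GET [a-z]+://([^/]+)/"
)

# Added pattern (not from the thread). The leading labels are an optional
# non-capturing group, so there is still exactly one capture group, and
# '.' and ':' are excluded from the two captured labels so that a port
# does not end up in the extracted field.
OPTIONAL_PREFIX = r"GET [a-z]+://(?:[^/]+\.)?([^/.:]+\.[^/.:]+)(?::[0-9]+)?/"

# Constructed sample lines (not taken from the thread).
SAMPLES = [
    "TCP_MISS/200 GET http://facebook.com/ - DIRECT",
    "TCP_MISS/200 GET https://www.facebook.com/login - DIRECT",
    "TCP_MISS/200 GET http://cdn.img.example.org:8080/a.js - DIRECT",
    "TCP_MISS/200 GET http://www.bbc.co.uk/news - DIRECT",
    "TCP_MISS/200 GET http://10.1.2.3/ - DIRECT",
]


def groups(pattern, line):
    """Return all capture groups of the first match, or None if no match."""
    m = re.search(pattern, line)
    return m.groups() if m else None


def first_group(pattern, line):
    """Return capture group 1 only.

    Assumption: the extractor stores the first capture group and nothing
    else, so a match that fills only group 2 extracts nothing.
    """
    g = groups(pattern, line)
    return g[0] if g else None


def compare(lines):
    """One row per line: (LAST_TWO, ALTERNATION_AS_TYPED, OPTIONAL_PREFIX)."""
    return [
        (
            first_group(LAST_TWO, line),
            # The spaces around '|' are literal: the first branch needs a
            # space right after the '/', the second needs one before 'GET'.
            # When the second branch matches, the host is in group 2.
            first_group(ALTERNATION_AS_TYPED, line),
            first_group(OPTIONAL_PREFIX, line),
        )
        for line in lines
    ]


if __name__ == "__main__":
    for line, row in zip(SAMPLES, compare(SAMPLES)):
        print(line, "->", row)
```

The last two sample lines show the limit of "last two labels": co.uk and 2.3 are not registrable domains, so a field used for grouping or alerting on domains needs a public-suffix-aware step and separate handling of IP literals.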



[graylog2] Re: No Warning and Error log from Windows EventLogs, sending in via NXLog

2016-07-14 Thread Arief Hydayat
Hi everyone,

Anyone could give a hand on these? Any setting that maybe I need to have a 
look again on the NXLog side or Graylog side? 



Re: [graylog2] Re: Backfilling graylog with past data

2016-07-14 Thread Jason Haar
On Fri, Jul 15, 2016 at 2:50 AM, Jeremy Farr wrote:

> Jason have you noticed any issues when adding to indices that are not the
> currently active one?
>

No. My indices don't last more than an hour and I have shoved in data that
was days old - so it definitely all went into "old" indices. Waitaminute -
that's not how it works. Mustn't it always go into the current index, even
if the timestamps are no longer vaguely related? I can't say I've thought
much about it - it simply worked


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



[graylog2] Re: Graylog slow processing.

2016-07-14 Thread Eric Green


On Friday, July 8, 2016 at 5:10:47 AM UTC-7, Hema Kumar wrote:
>
> Hi,
>I am using graylog 1.3.3 with ES 1.7.5, from yesterday we are seeing 
> the process buffer filled up on the master node and the outgoing process is 
> too slow than normal, I have tried restarting GL and ES but did not fix the 
> issue, below are the log warn and errors we see that repeats continuously. 
>
> We have 4 graylog server and 7 elasticsearch nodes, Only the Master 
> graylog is processing slow and sometimes the 3rd node, rest of the nodes 
> are working fine. 
>
>
Check your Elasticsearch log on the Elasticsearch cluster master and see if 
there's some infrastructure issue causing communications difficulties. 
Also, for whatever is doing the load balancing, see if it's suddenly 
decided to shove the majority of the load to your master. 

My experience is that Graylog 1.3.x is faster than Graylog 2.x, so that is 
unlikely to be the issue. 



Re: [graylog2] Graylog slow processing.

2016-07-14 Thread Hema Kumar
Hi Jan,
I could not figure out what the actual cause was. Only 1 node (Master) 
is causing this problem, I tried removing few extractors but did not help. 
As 2.0 upgrade is not possible now I upgraded to 1.3.4 but of no use. 
Messages are pouring in and output rate is too low. Only the process buffer 
is full but the journal holds nearly 150,000,000 messages. 

I am left with no options, any suggestions would be great. 

Thanks, Hema.

On Monday, July 11, 2016 at 1:27:46 PM UTC+5:30, Jan Doberstein wrote:
>
> Hey Hema, 
>
>
> On 8 July 2016 at 14:10:50, Hema Kumar (vhs...@gmail.com) wrote: 
> > I am using graylog 1.3.3 with ES 1.7.5, from yesterday we are seeing the 
> > process buffer filled up on the master node and the outgoing process is too 
> > slow than normal, I have tried restarting GL and ES but did not fix the 
> > issue, below are the log warn and errors we see that repeats continuously. 
>
> Only to have it said - did you consider updating to 2.x version in the 
> near future? 
>
>
> > Could you please help me on this, I have been breaking my head since 
> > yesterday. 
>
> Did you check the heap usage of the nodes? Maybe this could be a 
> bottleneck. You can find this in the Webinterface and the Node 
> overview. 
>
> regards 
> Jan 
>



[graylog2] Re: Trouble Receiving Syslog Messages

2016-07-14 Thread Nathan Mace
I got it working, turns out the sending syslog service takes a few minutes 
to start and I was just being impatient.

That said, how do I add the Raw/Plaintext input?  I understand how to add 
an input generally, but not one that is specifically for plain text.

Thanks!

Nathan

On Wednesday, July 13, 2016 at 3:09:44 AM UTC-4, Jochen Schalanda wrote:
>
> Hi Nathan,
>
> try using a Raw/Plaintext UDP input instead of a Syslog UDP input. 
> Sometimes those network appliances send syslog messages which aren't quite 
> compliant to RFC 3164 or 5424.
>
> You can still extract the information you want to record with extractors 
> on that input.
>
> Cheers,
> Jochen
>
> On Tuesday, 12 July 2016 20:11:25 UTC+2, Nathan Mace wrote:
>>
>> I've got Graylog up and running on the OVA.  I'm having trouble getting 
>> syslog messages into it.  I've got a Synology NAS setup to send syslog 
>> messages to the OVA's IP address on port 514 via UDP.  I can send a test 
>> message but it never shows up in the web console.
>>
>> I have the following input configured:
>>
>> appliance-syslog-udp Syslog UDP
>>
>>    - allow_override_date: true
>>    - bind_address: 0.0.0.0
>>    - expand_structured_data: false
>>    - force_rdns: false
>>    - override_source: **
>>    - port: 514
>>    - recv_buffer_size: 262144
>>    - store_full_message: false
>>
>>
>> Any ideas as to what I am doing wrong?
>>
>



[graylog2] Re: Graylog indexes

2016-07-14 Thread Henrique Ferreira
ok, thanks

On Thursday, July 14, 2016 at 11:56:32 AM UTC-3, Jochen Schalanda wrote:
>
> Hi Henrique,
>
> that's not possible with Graylog.
>
> What you can do, though, is create a separate stream for each of your 
> servers by filtering on the "source" field of the ingested messages.
>
> Please refer to http://docs.graylog.org/en/2.0/pages/streams.html for 
> more information about streams.
>
> Cheers,
> Jochen
>
> On Thursday, 14 July 2016 16:40:52 UTC+2, Henrique Ferreira wrote:
>>
>> hello , how do I separate each server that sends its logs to graylog to a 
>> different index ?
>>
>>



[graylog2] Re: Backfilling graylog with past data

2016-07-14 Thread Jeremy Farr
Thank you Jochen.  

On Wednesday, July 13, 2016 at 2:14:45 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Jeremy,
>
> you can use Logstash or Filebeat (or any other log shipper) to backfill 
> data into Graylog, too. Simply point it to the file (or source) you want to 
> use as an input and use a GELF output to send data into Graylog. Also make 
> sure that the timestamp field is valid, because otherwise Graylog would 
> use the ingestion time as timestamp (which is not what you want to have 
> when filling in historic logs).
>
> Cheers,
> Jochen
>
> On Wednesday, 13 July 2016 04:10:04 UTC+2, Jeremy Farr wrote:
>>
>> How would I go about backfilling logs into graylog?  Does it just handle 
>> it auto-magically?  For instance, I'd like to analyze some transaction data 
>> that spans possibly the entire month. I can get the information at smaller 
>> intervals (i.e. Daily or weekly) but I would only be looking at it in 
>> monthly, quarterly or annual periods of time. I've seen people discussing 
>> using logstash to backfill elasticsearch but I couldn't find anything about 
>> back filling graylog specifically. Thanks in advance. 
>
>



Re: [graylog2] Re: Backfilling graylog with past data

2016-07-14 Thread Jeremy Farr

Jason have you noticed any issues when adding to indices that are not the 
currently active one?

On Thursday, July 14, 2016 at 2:35:26 AM UTC-5, Jason Haar wrote:
>
>
> On Wed, Jul 13, 2016 at 7:14 PM, Jochen Schalanda wrote:
>
>> Simply point it to the file (or source) you want to use as an input and 
>> use a GELF output to send data into Graylog
>
>
> I use that all the time  - works great! Except I have a mental block and 
> keep "search" looking in the past 5 minutes and wonder why I don't see the 
> data I just pushed in (which typically had yesterday's date ;-)
>
>
> -- 
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>



[graylog2] Re: Graylog indexes

2016-07-14 Thread Jochen Schalanda
Hi Henrique,

that's not possible with Graylog.

What you can do, though, is create a separate stream for each of your 
servers by filtering on the "source" field of the ingested messages.

Please refer to http://docs.graylog.org/en/2.0/pages/streams.html for more 
information about streams.

Cheers,
Jochen

On Thursday, 14 July 2016 16:40:52 UTC+2, Henrique Ferreira wrote:
>
> hello , how do I separate each server that sends its logs to graylog to a 
> different index ?
>
>



[graylog2] Re: Plugin Development: POM for org.graylog.plugins:usage-statistics is missing

2016-07-14 Thread cazy
For anyone interested in a (dirty) workaround:
I checked out version 2.0.0 of the usage statistics plugin and modified the 
version in the POM adding "-SNAPSHOT". After mvn install, I was able to 
build my plugin.



[graylog2] Dashboard Widget, Display Status

2016-07-14 Thread Richard Poole
Hi,

I'm looking for a way to display in a dashboard the status of a batch 
process that runs over several systems. Each system can produce a log entry 
that we can change and push to Graylog.

I was hoping I could filter using a stream and present in a dashboard the 
last value for the status log in a widget. Can anyone think of how to do 
this?


Basic Example:

Widget A
-
1   Process 1 Finished
2   Process 2 Started
3   ..
-

or


Single Widget 

Widget B

Process 1 Finished



Thanks Rich



Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-14 Thread Arief Hydayat
Hi Jochen,

I see. Thanks for your reply.
Anyway since I set Graylog to receive message from 5 sources (3 Windows
server and 2 network devices) that Elasticsearch cluster health keep
appearing.

On Thu, Jul 14, 2016 at 3:16 PM, Jochen Schalanda 
wrote:

> Hi Arief,
>
> the OVA is suited for small production setups. For the "real deal", we
> recommend setting up the components yourself (to be able to tweak them
> according to your use cases) using the official OS packages (DEB, RPM)
> or the official config management scripts (Puppet, Chef, Ansible).
>
> Cheers,
> Jochen
>
> On Thursday, 14 July 2016 05:18:04 UTC+2, Arief Hydayat wrote:
>>
>> Hi Jochen,
>>
>> Unfortunately still gives...
>>
>> Elasticsearch cluster unhealthy (RED) (triggered 2 minutes ago)
>>
>>
>> What else we can do?
>>
>> Anyway I wanted to ask is the OVA is the best practice to deploy and
>> make it as production?
>>
>



Re: [graylog2] Re: Extractor help - domain name only

2016-07-14 Thread Zoizo
Thanks a whole lot. I will try that at work tomorrow and update.



Re: [graylog2] Re: Extractor help - domain name only

2016-07-14 Thread Jason Haar
On Wed, Jul 13, 2016 at 10:57 PM, Zoizo wrote:

> Well I'm a moron and forgot domain names could have more than two words
> too so, I'm kinda lost as to what I can do here ^^'
>

Try a regex like "GET [a-z]+?://[^\.]+\.([^/]+)/"

On "facebook.com" that would match "com". Assuming that's what you want of
course (I stick to "GET [a-z]+://([^/]+)/" myself)

If you want the last two, then "GET [a-z]+://[^/]+\.([^/]+\.[^/]+)/" should
do that

I know "https?" would be better - but I'm not near graylog at the moment
and I don't know if its weird Java-based regex library supports that - so
I stuck with [a-z]+ to match "http" and "https" (and I guess "ftp" too)


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-14 Thread Jochen Schalanda
Hi Arief,

running graylog-ctl reconfigure will recreate the configuration file from 
our templates and reset your changes.

Cheers,
Jochen

On Thursday, 14 July 2016 04:45:43 UTC+2, Arief Hydayat wrote:
>
> Hi Jochen,
>
> OK I give a try on that.
>
>
>
> ubuntu@graylog:~$ cat /opt/graylog/conf/graylog.conf | grep replica
> # How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices.
> elasticsearch_replicas = 1
>
>
> Then using vim editor and make replica to 0:
>
>
>
> # How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices.
> elasticsearch_shards = 4
> elasticsearch_replicas = 0
>
> I'll run the reconfigure command and let see how it goes.
> Thanks a lot Jochen.
>
>



Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-14 Thread Jochen Schalanda
Hi Arief,

the OVA is suited for small production setups. For the "real deal", we 
recommend setting up the components yourself (to be able to tweak them 
according to your use cases) using the official OS packages (DEB, RPM) 
or the official config management scripts (Puppet, Chef, Ansible).

Cheers,
Jochen

On Thursday, 14 July 2016 05:18:04 UTC+2, Arief Hydayat wrote:
>
> Hi Jochen,
>
> Unfortunately still gives...
>
> Elasticsearch cluster unhealthy (RED) (triggered 2 minutes ago)
>
>
> What else we can do?
>
> Anyway I wanted to ask is the OVA is the best practice to deploy and 
> make it as production?
>



[graylog2] Re: How to deal with Journal Utilization is too high?

2016-07-14 Thread Jochen Schalanda
Hi Arief,

the output_batch_size and output_flush_interval settings can be configured 
in Graylog's configuration file, and refresh_interval has to be set in your 
Elasticsearch configuration file or as part of a custom index template (see 
http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#custom-index-mappings 
for details). The refresh_interval setting should not be tampered with 
unless you know what you're doing™. ;-)

All of those settings have direct effect on how fast you will "see" freshly 
ingested logs in Graylog. 

Cheers,
Jochen

On Thursday, 14 July 2016 05:22:33 UTC+2, Arief Hydayat wrote:
>
> Hi Jochen,
>
> I see.. OK noted. I've increased the:
> - 4 vCPU to 6 vCPU,
> - 8GB Memory to 12GB Memory
>
> Are those settings under the /opt/graylog/conf/graylog.conf file?
>
