[graylog2] Extract/Backup logs that Graylog received

2016-09-13 Thread WIlliam Song
Hello Guys,

Is it possible to back up the log file that Graylog has received?

I want to extract one file per server (all the servers are on Windows 
Server), which will look like: "Server1.2016-09-13.log", 
"Server2.2016-09-13.log"

How do I do it? I searched in the file 
"/var/lib/graylog-server/journal/messagejournal-0/1206.log" 
and I found the logs from my Windows Server, but it is a binary file and it 
contains all the logs of all servers.



-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/9ebb7eb5-f23b-4ded-8889-40a2b5db08ff%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Re: Graylog is increasing log's size

2016-09-13 Thread Daniel Kamiński
Maybe you're indexing some unnecessary fields? Try to disable less needed 
data; you can also strip them off with pipelines before they get processed 
further. Also, I heard that BTRFS with compression enabled works nicely with 
ES.

On Monday, 12 September 2016 16:56:36 UTC+2, Rômullo Furtado Beltrame wrote:
>
> Hey Guys, I have a question. Maybe you can help me.
>
> My Graylog 2 is increasing the size of the logs by 3x or more compared to 
> the other solutions or syslogs. I've already chosen: best compress to 
> Elasticsearch and optimized option.
>
> Is there something that I can do to resolve this problem? My environment is 
> consuming more than 200GB/month in 20mi of logs per day.
>
> If someone has an idea I would thank you so much.
>



[graylog2] Re: Graylog in Docker 2.1

2016-09-13 Thread Daniel Kamiński
My Docker machine IP is `192.168.0.135` and I set up 
`GRAYLOG_REST_TRANSPORT_URI` as `http://192.168.0.135:12900`.

On Monday, 12 September 2016 15:32:00 UTC+2, Hernán Fernández wrote:
>
> Hi, I've tried this without success. What IP did you use, and can you also 
> confirm that you use just the GRAYLOG_REST_TRANSPORT_URI variable?
>
> thanks
>
> On Sunday, September 11, 2016 at 6:09:02 AM UTC-3, Daniel Kamiński wrote:
>>
>> I also stumbled on this error; passing the machine network IP rather than 
>> local 127.0.0.1 kind of worked.
>>
>> On Friday, 2 September 2016 22:48:30 UTC+2, Hernán Fernández wrote:
>>>
>>> Hello,
>>>
>>> I just saw that the REST API is running now on the web interface and the 
>>> variable GRAYLOG_REST_TRANSPORT_URI="http://127.0.0.1:12900" has been 
>>> replaced by GRAYLOG_WEB_ENDPOINT_URI="http://127.0.0.1:9000/api" in the 
>>> docker installation webpage 
>>> http://docs.graylog.org/en/2.1/pages/installation/docker.html
>>>
>>> The problem is that http://127.0.0.1:9000/api gives me a 404 error 
>>> (apparently it is still working with port 12900), but any idea why the 
>>> system doesn't work as the documentation says?
>>>
>>> I'm starting the container with
>>>
>>> docker run --link some-mongo:mongo \
>>>   --link some-elasticsearch:elasticsearch \
>>>   -e GRAYLOG_WEB_ENDPOINT_URI="http://127.0.0.1:9000/api" \
>>>   -p 9000:9000 -p 514:5140/udp -d graylog2/server
>>>
>>> thanks
>>>
>>



[graylog2] Compatibility of graylog 2.1.0

2016-09-13 Thread Shrawan Bhagwat
Hi All,

Can anyone please tell me which versions of Logstash, Elasticsearch and MongoDB 
are compatible with graylog-2.1.0?

Regards,
Shrawan



[graylog2] Re: How to use the "copy input" extractor for the geolocation fields ?

2016-09-13 Thread Aykisn
I created a pipeline to rename the geolocation field. Working fine.
The problem now is that the field is not indexed. Is there any way it can 
be?

Thanks.



[graylog2] Re: How to use the "copy input" extractor for the geolocation fields ?

2016-09-13 Thread Aykisn
Hmm, I guess I'm stuck then, because if I do that, the ip field won't 
exist for the GeoIp Resolver.

Thanks anyway :)



[graylog2] Re: How to use the "copy input" extractor for the geolocation fields ?

2016-09-13 Thread Jochen Schalanda
Hi Aykisn,

the GeoIP processor probably only runs after the extractors in your setup, 
so that at the time the extractors are running, the rp_ip_geolocation field 
doesn't exist.

You can change the running order on the System / Configurations / Message 
Processors Configuration page in the Graylog web interface.

Cheers,
Jochen

On Tuesday, 13 September 2016 10:07:52 UTC+2, Aykisn wrote:
>
> Hello,
>
> I want to duplicate the geolocation fields by using the copy input (to 
> change the name of the fields) but it doesn't work unfortunately (no field 
> is created).
>
> Any insights on what is happening/what to do?
>
> Thanks!
>



[graylog2] How to use the "copy input" extractor for the geolocation fields ?

2016-09-13 Thread Aykisn
Hello,

I want to duplicate the geolocation fields by using the copy input (to 
change the name of the fields) but it doesn't work unfortunately (no field 
is created).

Any insights on what is happening/what to do?

Thanks!
