[graylog2] Re: Store full message in Graylog Use??

2016-10-25 Thread Jochen Schalanda
Hi,

On Tuesday, 25 October 2016 16:08:32 UTC+2, Anant Sawant wrote:
>
> What is the use of this option?
>

That setting will store the raw/unparsed syslog message into the 
full_message field for further processing.

If that setting is false, Graylog will only store the parsed and evaluated 
message.

Cheers,
Jochen

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/da7b8cc2-ed27-4ee3-9968-b89117974a20%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Store full message in Graylog Use??

2016-10-25 Thread Anant Sawant
Hi Graylog Team

In syslog udp/tcp inputs there is the following option.

"Store full message? (optional)"

What is the use of this option?
Does it mean that if I send logs/data to Graylog via syslog and the above 
option is *unchecked*, Graylog is not storing the complete log but an 
incomplete or partial log?
Or rather, if I am sending 1 GB of logs to Graylog and the option is 
*unchecked*, Graylog eventually will store a lesser amount of logs/data?


Thanks 
Anant



[graylog2] Re: Custom Graylog development query

2016-10-25 Thread Jochen Schalanda
Hi,

On Tuesday, 25 October 2016 16:01:29 UTC+2, Anant Sawant wrote:
>
> Is it possible to delete logs from graylog based on different inputs.
>

That's not possible with Graylog directly, but you can use the 
Elasticsearch Delete by Query Plugin for this purpose.
 

> If the answer is negative. Then what will it take to develop this feature. 
> Whom do i speak to for developing this feature and if at all this is 
> possible or not.
>

You can contact sales at https://www.graylog.org/pages/contact_sales.

Cheers,
Jochen



[graylog2] Custom Graylog development query

2016-10-25 Thread Anant Sawant
Hi Graylog Team

Is it possible to delete logs from Graylog based on different inputs?
I have two inputs on UDP syslog from two different machines pointed to a 
single Graylog instance.
Can I selectively delete particular logs based on date and time or based on 
the inputs?
If the answer is negative, then what will it take to develop this feature? 
Whom do I speak to for developing this feature, and is this at all 
possible or not?

Thanks
Anant



[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-25 Thread Jochen Schalanda
Hi,

what kind of input did you create in Graylog and how did you configure it?

I'm also not sure if you really want to have that TCP input in Logstash…

FWIW, if you only want to read files and send their contents to Graylog, 
I'd recommend using Filebeat or nxlog which can both be managed via the 
Graylog Collector Sidecar.


Cheers,
Jochen

On Tuesday, 25 October 2016 14:48:56 UTC+2, Benbrahim Anass wrote:
>
> yea i already saw that,
> here is my conf
> input {
>   tcp {
>     type => "tcp"
>     port => "12201"
>   }
>   file {
>     path => "/var/log/messages"
>     type => "rsyslog"
>     start_position => "beginning"
>   }
> }
>
>
> output {
>   gelf {
>     host => "10.56.130.70"
>     port => 12201
>   }
> }
>
>
> but i dont see any connection on the port 12201 on the graylog server.
> the port is open, it's not that, nor the firewall
>
> any suggestions?
> thanks
>
> On Tuesday, 25 October 2016 14:31:00 UTC+2, Jochen Schalanda wrote:
>>
>> Hi,
>>
>> On Tuesday, 25 October 2016 13:19:51 UTC+2, Benbrahim Anass wrote:
>>>
>>> i'm wondering if it is possible to send logs via logstash/gelf to 
>>> Graylog2, if it is, i'm gonna need an example of a logstash output via GELF
>>>
>>
>> Of course that's possible.
>>
>> See 
>> https://www.elastic.co/guide/en/logstash/2.4/plugins-outputs-gelf.html 
>> for the relevant documentation.
>>
>> Cheers,
>> Jochen 
>>
>



[graylog2] Re: Graylog 2.1 on Ubuntu 16.04 - no web interface, no port 9000

2016-10-25 Thread Marcio Merlone
On Tuesday, 25 October 2016 10:05:57 UTC-2, Benbrahim Anass wrote:
>
> r u sure the port 9000 is open? try a telnet on it
>

No! It was the other way around, it does NOT open port 9000, tested with 
netstat, lsof and nmap. But as I said, changed from Oracle to OpenJDK and 
now it works.

Tks!



[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-25 Thread Benbrahim Anass
yea i already saw that,
here is my conf
input {
  tcp {
    type => "tcp"
    port => "12201"
  }
  file {
    path => "/var/log/messages"
    type => "rsyslog"
    start_position => "beginning"
  }
}


output {
  gelf {
    host => "10.56.130.70"
    port => 12201
  }
}


but i dont see any connection on the port 12201 on the graylog server.
the port is open, it's not that, nor the firewall

any suggestions?
thanks

On Tuesday, 25 October 2016 14:31:00 UTC+2, Jochen Schalanda wrote:
>
> Hi,
>
> On Tuesday, 25 October 2016 13:19:51 UTC+2, Benbrahim Anass wrote:
>>
>> i'm wondering if it is possible to send logs via logstash/gelf to 
>> Graylog2, if it is, i'm gonna need an example of a logstash output via GELF
>>
>
> Of course that's possible.
>
> See https://www.elastic.co/guide/en/logstash/2.4/plugins-outputs-gelf.html 
> for the relevant documentation.
>
> Cheers,
> Jochen 
>



[graylog2] Re: Elasticsearch upgrade to 5.0, migration helper plugin - red node settings meaning

2016-10-25 Thread Jochen Schalanda
Hi,

Graylog (as of version 2.1.1) doesn't support Elasticsearch 5.x, also see 
http://docs.graylog.org/en/2.1/pages/installation.html#system-requirements.

Cheers,
Jochen

On Tuesday, 25 October 2016 12:57:18 UTC+2, Aykisn wrote:
>
> Hello,
>
> I am planning on upgrading my elasticsearch cluster from 2.4 to 5.0
>
> I used the elasticsearch migration helper plugin to see if there was 
> anything wrong beforehand.
>
> This is the output I got :
>
> I read that it's because those settings don't exist anymore (
> https://www.elastic.co/guide/en/elasticsearch/reference/5.0/breaking_50_settings_changes.html#_node_types_settings).
>  
> However, I don't see where I can change these settings. And if it's via 
> curl, I don't know the exact request I must use. Any help ?
>
> Thanks.
>



[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-25 Thread Jochen Schalanda
Hi,

On Tuesday, 25 October 2016 13:19:51 UTC+2, Benbrahim Anass wrote:
>
> i'm wondering if it is possible to send logs via logstash/gelf to 
> Graylog2, if it is, i'm gonna need an example of a logstash output via GELF
>

Of course that's possible.

See https://www.elastic.co/guide/en/logstash/2.4/plugins-outputs-gelf.html 
for the relevant documentation.

Cheers,
Jochen 



[graylog2] Re: Graylog 2.1 on Ubuntu 16.04 - no web interface, no port 9000

2016-10-25 Thread Benbrahim Anass
r u sure the port 9000 is open? try a telnet on it


On Tuesday, 25 October 2016 13:55:04 UTC+2, Marcio Merlone wrote:
>
> Hi all!
>
> I am setting up a standalone Graylog server on a Ubuntu 16.04 LTS. I went 
> through the docs 
> http://docs.graylog.org/en/2.1/pages/installation/os/ubuntu.html just 
> fine, Graylog starts but I get no web UI, it does not bind to port 9000 
> (which is free, no one else is there). Any hint?
>
> Update in advance - for others who bump on this too :)
> I switched from oracle to openjdk and it now works, is it supposed to be 
> this way?
>
> update-alternatives --config java
>
> Thanks, best regards.
>
> -- 
> Marcio Merlone
>



[graylog2] Graylog 2.1 on Ubuntu 16.04 - no web interface, no port 9000

2016-10-25 Thread Marcio Merlone
Hi all!

I am setting up a standalone Graylog server on a Ubuntu 16.04 LTS. I went 
through the 
docs http://docs.graylog.org/en/2.1/pages/installation/os/ubuntu.html just 
fine, Graylog starts but I get no web UI, it does not bind to port 9000 
(which is free, no one else is there). Any hint?

Update in advance - for others who bump on this too :)
I switched from oracle to openjdk and it now works, is it supposed to be 
this way?

update-alternatives --config java

Thanks, best regards.

-- 
Marcio Merlone



[graylog2] use logstash + gelf to send logs to graylog

2016-10-25 Thread Benbrahim Anass
i'm wondering if it is possible to send logs via logstash/gelf to Graylog2, 
if it is, i'm gonna need an example of a logstash output via GELF

Thanks 
cheers 
anas



[graylog2] Re: Elasticsearch cluster unavailable (I dont have a CLuster)

2016-10-25 Thread 'Schwään' via Graylog Users
i tried it but it shows the message again



[graylog2] Re: Elasticsearch cluster unavailable (I dont have a CLuster)

2016-10-25 Thread 'Schwään' via Graylog Users
but i dont use a cluster 

On Tuesday, 25 October 2016 10:06:55 UTC+2, Schwään wrote:
>
> Hello,
>
> when i Start the Webconfig of Graylog it says 
> Elasticsearch cluster unavailable
>
> but i dont have a cluster and don't have configured a cluster.
>
>
>



[graylog2] Re: Elasticsearch cluster unavailable (I dont have a CLuster)

2016-10-25 Thread Jochen Schalanda
Hi

On Tuesday, 25 October 2016 12:11:54 UTC+2, Schwään wrote:
>
> Elasticsearch Config


You haven't set a cluster name in your Elasticsearch configuration.

See http://docs.graylog.org/en/2.1/pages/configuration/elasticsearch.html#cluster-name 
for details.

Cheers,
Jochen 
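
A check for the situation described in this reply, as an added example that is not part of the original thread or of Graylog: it reads a flat elasticsearch.yml and a Graylog server.conf and reports when the effective cluster names differ. The function names, the sample server.conf and the two default values (Elasticsearch 2.x falling back to "elasticsearch", Graylog 2.1 to "graylog") are assumptions of this example; the elasticsearch.yml excerpt is constructed from the configuration posted in the thread.

```python
# Assumed defaults that apply when the setting is absent or commented out.
ES_DEFAULT_CLUSTER = "elasticsearch"   # Elasticsearch 2.x, cluster.name unset
GRAYLOG_DEFAULT_CLUSTER = "graylog"    # Graylog 2.1, elasticsearch_cluster_name unset

# Constructed excerpt mirroring the posted elasticsearch.yml: every setting is commented out.
POSTED_ES_YML = """\
# cluster.name: my-application
# node.name: node-1
# network.host: 10.250.20.60
# http.port: 9200
"""

# Constructed Graylog server.conf excerpt (not shown in the thread).
GRAYLOG_CONF = """\
# elasticsearch_cluster_name = graylog
elasticsearch_shards = 4
"""

# What the Elasticsearch side looks like once the name is set explicitly.
FIXED_ES_YML = "cluster.name: graylog\n"


def active_settings(text, sep):
    """Parse flat 'key<sep>value' lines, ignoring blank lines and '#' comments.

    This is a simplification: nested YAML is not handled, only top-level
    dotted keys such as cluster.name.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or sep not in line:
            continue
        key, value = line.split(sep, 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def cluster_name_mismatch(es_yml, graylog_conf):
    """Return (es_name, graylog_name) when they differ, or None when they match."""
    es_name = active_settings(es_yml, ":").get("cluster.name", ES_DEFAULT_CLUSTER)
    gl_name = active_settings(graylog_conf, "=").get(
        "elasticsearch_cluster_name", GRAYLOG_DEFAULT_CLUSTER)
    return None if es_name == gl_name else (es_name, gl_name)


if __name__ == "__main__":
    print("posted config:", cluster_name_mismatch(POSTED_ES_YML, GRAYLOG_CONF))
    print("with cluster.name set:", cluster_name_mismatch(FIXED_ES_YML, GRAYLOG_CONF))
```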



[graylog2] Re: Elasticsearch cluster unavailable (I dont have a CLuster)

2016-10-25 Thread Jochen Schalanda
Hi,

On Tuesday, 25 October 2016 12:13:40 UTC+2, Schwään wrote:
>
> And I just noticed that we could possibly also sort this out in German, 
> since my English is not that good
>

So that other people who have a similar problem can follow the thread, 
I'd ask you to keep the communication on the mailing list in 
English.

We get along fine with rudimentary English too, and yours hasn't been bad 
so far. ;-)

Cheers,
Jochen 



[graylog2] Re: Elasticsearch cluster unavailable (I dont have a CLuster)

2016-10-25 Thread 'Schwään' via Graylog Users
And I just noticed that we could possibly also sort this out in German, 
since my English is not that good

On Tuesday, 25 October 2016 10:06:55 UTC+2, Schwään wrote:
>
> Hello,
>
> when i Start the Webconfig of Graylog it says 
> Elasticsearch cluster unavailable
>
> but i dont have a cluster and don't have configured a cluster.
>
>
>



[graylog2] Re: Elasticsearch cluster unavailable (I dont have a CLuster)

2016-10-25 Thread 'Schwään' via Graylog Users
Elasticsearch Config

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#   Before you set out to tweak and tune the configuration, make sure you
#   understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please see the documentation for further information on configuration options:
#
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
# cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
# node.name: node-1
#
# Add custom attributes to the node:
#
# node.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
# path.data: /path/to/data
#
# Path to log files:
#
# path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
# bootstrap.memory_lock: true
#
# Make sure that the `ES_HEAP_SIZE` environment variable is set to about half the memory
# available on the system and that the owner of the process is allowed to use this limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
# network.host: 10.250.20.60
#
# Set a custom port for HTTP:
#
# http.port: 9200
#
# For more information, see the documentation at:
#
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
# discovery.zen.ping.unicast.hosts: ["host1", "host2"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1):
#
# discovery.zen.minimum_master_nodes: 3
#
# For more information, see the documentation at:
#
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
# gateway.recover_after_nodes: 3
#
# For more information, see the documentation at:
#
#
# ---------------------------------- Various -----------------------------------
#
# Disable starting multiple nodes on a single system:
#
# node.max_local_storage_nodes: 1
#
# Require explicit names when deleting indices:
#
# action.destructive_requires_name: true

On Tuesday, 25 October 2016 10:06:55 UTC+2, Schwään wrote:
>
> Hello,
>
> when i Start the Webconfig of Graylog it says 
> Elasticsearch cluster unavailable
>
> but i dont have a cluster and don't have configured a cluster.
>
>
>



[graylog2] Re: Could not Load field information

2016-10-25 Thread Jochen Schalanda
Hi,

search in Graylog unsurprisingly doesn't work without Elasticsearch…

https://groups.google.com/d/msg/graylog2/1YInasM05Qw/xlwtCvMqBgAJ

Cheers,
Jochen

On Tuesday, 25 October 2016 11:41:31 UTC+2, Schwään wrote:
>
> I Try to use my Server in Graylog but it shows
>
> *Could not load field information*
> *Loading field information failed with status: cannot GET 
> http://10.250.20.60:9000/api/system/fields 
>  (500*
>



[graylog2] Re: Elasticsearch cluster unavailable (I dont have a CLuster)

2016-10-25 Thread Jochen Schalanda
Hi,

On Tuesday, 25 October 2016 11:25:02 UTC+2, Schwään wrote:
>
> this is my graylog log i dont know what to do
>

Check the logs of your Elasticsearch node(s) and post the configuration of 
your Graylog and Elasticsearch node(s) so that we can take a look at it.

In general, please refer 
to http://docs.graylog.org/en/2.1/pages/configuration/elasticsearch.html 
for information about how to configure Graylog and Elasticsearch.

Cheers,
Jochen



[graylog2] Could not Load field information

2016-10-25 Thread 'Schwään' via Graylog Users
I Try to use my Server in Graylog but it shows

*Could not load field information*
*Loading field information failed with status: cannot GET 
http://10.250.20.60:9000/api/system/fields (500*



[graylog2] Re: Elasticsearch cluster unavailable (I dont have a CLuster)

2016-10-25 Thread 'Schwään' via Graylog Users
this is my graylog log i dont know what to do

2016-09-27T04:44:10.604+02:00 ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource
org.elasticsearch.discovery.MasterNotDiscoveredException
    at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$5.onTimeout(TransportMasterNodeAction.java:226) ~[graylog.jar:?]
    at org.elasticsearch.cluster.ClusterStateObserver$ObserverClusterStateListener.onTimeout(ClusterStateObserver.java:236) ~[graylog.jar:?]
    at org.elasticsearch.cluster.service.InternalClusterService$NotifyTimeout.run(InternalClusterService.java:804) ~[graylog.jar:?]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_102]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_102]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_102]
2016-09-27T04:44:10.607+02:00 ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource
org.elasticsearch.discovery.MasterNotDiscoveredException
    at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$5.onTimeout(TransportMasterNodeAction.java:226) ~[graylog.jar:?]
    at org.elasticsearch.cluster.ClusterStateObserver$ObserverClusterStateListener.onTimeout(ClusterStateObserver.java:236) ~[graylog.jar:?]
    at org.elasticsearch.cluster.service.InternalClusterService$NotifyTimeout.run(InternalClusterService.java:804) ~[graylog.jar:?]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_102]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_102]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_102]
2016-09-27T04:44:28.030+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2016-09-27T04:44:30.607+02:00 ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource
org.elasticsearch.discovery.MasterNotDiscoveredException
    at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$5.onTimeout(TransportMasterNodeAction.java:226) ~[graylog.jar:?]
    at org.elasticsearch.cluster.ClusterStateObserver$ObserverClusterStateListener.onTimeout(ClusterStateObserver.java:236) ~[graylog.jar:?]
    at org.elasticsearch.cluster.service.InternalClusterService$NotifyTimeout.run(InternalClusterService.java:804) ~[graylog.jar:?]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_102]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_102]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_102]
2016-09-27T04:44:58.032+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2016-09-27T04:45:28.035+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2016-09-27T04:45:58.044+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2016-09-27T04:46:28.047+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2016-09-27T04:46:58.049+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2016-09-27T04:47:28.052+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2016-09-27T04:47:58.055+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2016-09-27T04:48:27.716+02:00 INFO  [IndexRetentionThread] Elasticsearch cluster not available, skipping index retention checks.
2016-09-27T04:48:28.057+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2016-09-27T04:48:42.767+02:00 INFO  [IndexRangesCleanupPeriodical] Skipping index range cleanup because the Elasticsearch cluster is unreachable or unhealthy
2016-09-27T04:48:58.060+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2016-09-27T04:49:28.062+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2016-09-27T04:49:58.064+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2016-09-27T04:50:28.067+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2016-09-27T04:50:58.069+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2016-09-27T04:51:28.072+02:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic 

[graylog2] Elasticsearch cluster unavailable (I dont have a CLuster)

2016-10-25 Thread 'Schwään' via Graylog Users
Hello,

when i Start the Webconfig of Graylog it says 
Elasticsearch cluster unavailable

but i dont have a cluster and don't have configured a cluster.




[graylog2] Re: [IndexerSetupService] Could not connect to Elasticsearch || [IndexerSetupService] If you're using multicast, check that it is working in your network and that Elasticsearch is accessibl

2016-10-25 Thread Jochen Schalanda
Hi Bernadette,

please refer to 
http://docs.graylog.org/en/2.1/pages/configuration/elasticsearch.html#elasticsearch-versions 
for the list of Elasticsearch versions used by Graylog.

Please keep in mind that Graylog 1.1.3 is a pretty old version and I'd 
recommend upgrading to at least Graylog 1.3.3 or even better to the latest 
stable release (Graylog 2.1.1 at the time of writing).

Cheers,
Jochen

On Monday, 24 October 2016 22:00:22 UTC+2, bernadet...@wavestrike.com wrote:
>
> we have a similar issue with graylog-server 1.1.3-1 and ES 1.7.5. Where is 
> there a compatibility chart listed ?
>
> Thanks in advance, Bernadette
>



[graylog2] Re: GELF VIA HTTP No Message

2016-10-25 Thread Jochen Schalanda
Hi,

you're missing the mandatory "version" field, 
see http://docs.graylog.org/en/2.1/pages/gelf.html#gelf-format-specification 
for details.

Cheers,
Jochen

On Monday, 24 October 2016 23:09:57 UTC+2, chris...@maxionwheels.com wrote:
>
> http://docs.graylog.org/en/2.1/pages/sending_data.html#gelf-via-http
>
>
> Following the Documentation I created a GELF HTTP Listener.
> Using CURL I just tried to send the basic message.
>
> C:\Program Files\cURL>curl -XPOST http://graylog:12201/gelf -p0 -d 
> '{"short_message":"Hello 
> there","host":"example.org","facility":"test","_foo":"bar"}' 
> -v -B
> Note: Unnecessary use of -X or --request, POST is already inferred.
> *   Trying 10.0.5.90...
> * Connected to gralog (10.0.5.90) port 12201 (#0)
> > POST /gelf HTTP/1.0
> > Host: graylog:12201
> > User-Agent: curl/7.46.0
> > Accept: */*
> > Content-Length: 69
> > Content-Type: application/x-www-form-urlencoded
> >
> * upload completely sent off: 69 out of 69 bytes
> * HTTP 1.0, assume close after body
> < HTTP/1.0 202 Accepted
> < Content-Length: 0
> < Connection: close
> <
> * Closing connection 0
>
> So I get a 202 Accepted.. But when trying to locate messages received by 
> input...   It is showing no response.
>
> Ideas anyone?
>
>
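
A pre-send check for the exchange above, as an added example that is not part of the original thread or of Graylog: it validates a GELF HTTP body against the field rules of the GELF 1.1 specification and runs on the payload from the quoted curl call, where the input answered 202 Accepted but no message appeared. `validate_gelf` and `as_sent_from_cmd` are hypothetical names, and the quoting model in `as_sent_from_cmd` (single quotes kept, double quotes consumed on a Windows command line) is an assumption; it reproduces the `Content-Length: 69` shown in the trace.

```python
import json
import re

MANDATORY = ("version", "host", "short_message")
# Additional fields: leading underscore, then word characters, dots or dashes.
ADDITIONAL_NAME = re.compile(r"_[\w.\-]+")

# The JSON document the curl command in the thread was meant to send (83 bytes).
INTENDED = ('{"short_message":"Hello there","host":"example.org",'
            '"facility":"test","_foo":"bar"}')


def as_sent_from_cmd(json_text):
    """Assumed model of -d '<json>' typed at a Windows prompt: the single
    quotes are ordinary characters and the double quotes are stripped."""
    return ("'" + json_text.replace('"', "") + "'").encode("utf-8")


def validate_gelf(body):
    """Return a list of problems in a GELF HTTP body; an empty list means it passes."""
    try:
        msg = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        return ["not valid JSON: %s" % exc]
    if not isinstance(msg, dict):
        return ["top-level JSON value must be an object"]

    problems = []
    for name in MANDATORY:
        value = msg.get(name)
        if name not in msg:
            problems.append("missing mandatory field '%s'" % name)
        elif not isinstance(value, str) or not value.strip():
            problems.append("field '%s' must be a non-empty string" % name)
        elif name == "version" and value != "1.1":
            problems.append("field 'version' must be \"1.1\"")

    ts = msg.get("timestamp")
    if "timestamp" in msg and (isinstance(ts, bool) or not isinstance(ts, (int, float))):
        problems.append("field 'timestamp' must be a number (seconds since epoch)")

    level = msg.get("level")
    if "level" in msg and (isinstance(level, bool) or not isinstance(level, int)
                           or not 0 <= level <= 7):
        problems.append("field 'level' must be a syslog level from 0 to 7")

    for key, value in msg.items():
        if not key.startswith("_"):
            continue
        if key == "_id" or not ADDITIONAL_NAME.fullmatch(key):
            problems.append("additional field '%s' has a disallowed name" % key)
        elif isinstance(value, bool) or not isinstance(value, (str, int, float)):
            problems.append("additional field '%s' must be a string or number" % key)
    return problems


if __name__ == "__main__":
    sent = as_sent_from_cmd(INTENDED)
    print(len(sent), "bytes as sent:", validate_gelf(sent))
    print("as intended:", validate_gelf(INTENDED.encode("utf-8")))
    fixed = dict(json.loads(INTENDED), version="1.1")
    print("with version:", validate_gelf(json.dumps(fixed).encode("utf-8")))
```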
