[graylog2] Export CSV doesn't work on IE\Edge

2016-11-15 Thread Jonata
I'm using Graylog v2.1.1 and although Export CSV feature works fine on 
Chrome I can't make it work on Internet Explorer or Microsoft Edge. 

It seems for some reason those Microsoft browsers have some problems with 
sessions. For instance, last time I tried using Edge, the a tag generated 
for Export CSV was:

https://956fda1c-6cc4-4d24-9e12-cb07bfc28518:session@myserver.local.domain:443/api/search/universal/relative/export?query=%2Arange=300fields=source%2Cmessage;
 
data-reactid=".0.2.1.0.$/=10.0.0.1.0.2.2.0.$/=11.$export/=1$export.0">Export 
as CSV

Is there any known issue with Export CSV feature and IE/Edge?

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/3a51dec0-fa4d-4bd6-b23f-08ab0a5b7030%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Gelf Decoding Processor error after upgrade from 1.3.x to 2.1.1

2016-11-15 Thread 5thfishie
After an upgrade of graylog from 1.3 to 2.1.1 I'm seeing lots of errors in 
the server.log.  I've determined which input is the issue, GELF UDP but I'm 
unable to determine the source.  I'm not sure if this is a bug or an 
offending application that is submitting bad data to graylog.  Is there a 
way to up the logging level on the input to try and determine the source of 
these messages?  

2016-11-15T16:21:56.393-08:00 ERROR [DecodingProcessor] Unable to decode raw message RawMessage{id=ae94a190-ab92-11e6-bca1-005056935150, journalOffset=3150596, codec=gelf, payloadSize=19, timestamp=2016-11-16T00:21:56.393Z} on input <58237e45d238b734006cc51c>.
2016-11-15T16:21:56.393-08:00 ERROR [DecodingProcessor] Error processing message RawMessage{id=ae94a190-ab92-11e6-bca1-005056935150, journalOffset=3150596, codec=gelf, payloadSize=19, timestamp=2016-11-16T00:21:56.393Z}
com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'default': was expecting ('true', 'false' or 'null')
 at [Source: default send string; line: 1, column: 8]
    at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1586) ~[graylog.jar:?]
    at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:521) ~[graylog.jar:?]
    at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._reportInvalidToken(ReaderBasedJsonParser.java:2754) ~[graylog.jar:?]
    at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:1820) ~[graylog.jar:?]
    at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:708) ~[graylog.jar:?]
    at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3847) ~[graylog.jar:?]
    at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3792) ~[graylog.jar:?]
    at com.fasterxml.jackson.databind.ObjectMapper.readTree(ObjectMapper.java:2332) ~[graylog.jar:?]
    at org.graylog2.inputs.codecs.GelfCodec.decode(GelfCodec.java:120) ~[graylog.jar:?]
    at org.graylog2.shared.buffers.processors.DecodingProcessor.processMessage(DecodingProcessor.java:146) ~[graylog.jar:?]
    at org.graylog2.shared.buffers.processors.DecodingProcessor.onEvent(DecodingProcessor.java:87) [graylog.jar:?]
    at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:58) [graylog.jar:?]
    at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:35) [graylog.jar:?]
    at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:143) [graylog.jar:?]
    at com.codahale.metrics.InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory.java:66) [graylog.jar:?]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]
2016-11-15T16:21:58.178-08:00 ERROR [GelfCodec] Could not parse JSON, first 400 characters: default send string
com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'default': was expecting ('true', 'false' or 'null')
 at [Source: default send string; line: 1, column: 8]
    at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1586) ~[graylog.jar:?]
    at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:521) ~[graylog.jar:?]
    at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._reportInvalidToken(ReaderBasedJsonParser.java:2754) ~[graylog.jar:?]
    at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:1820) ~[graylog.jar:?]
    at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:708) ~[graylog.jar:?]
    at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3847) ~[graylog.jar:?]
    at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3792) ~[graylog.jar:?]
    at com.fasterxml.jackson.databind.ObjectMapper.readTree(ObjectMapper.java:2332) ~[graylog.jar:?]
    at org.graylog2.inputs.codecs.GelfCodec.decode(GelfCodec.java:120) [graylog.jar:?]
    at org.graylog2.shared.buffers.processors.DecodingProcessor.processMessage(DecodingProcessor.java:146) [graylog.jar:?]
    at org.graylog2.shared.buffers.processors.DecodingProcessor.onEvent(DecodingProcessor.java:87) [graylog.jar:?]
    at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:58) [graylog.jar:?]
    at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:35) [graylog.jar:?]
    at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:143) [graylog.jar:?]
    at com.codahale.metrics.InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory.java:66)
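
The log above reports a 19-byte payload whose text is "default send string", which is not JSON. One way to find the sender is to capture datagrams together with their source address and classify each one. This is an added example, not part of the original post and not Graylog's decoder; the function names, the required-field check (taken from the GELF 1.1 spec) and the sample addresses are assumptions made for illustration.

```python
import gzip
import json
import socket
import zlib
from collections import Counter

CHUNK_MAGIC = b"\x1e\x0f"   # GELF chunk header
GZIP_MAGIC = b"\x1f\x8b"
REQUIRED = ("version", "host", "short_message")  # mandatory per GELF 1.1


def classify(payload):
    """Return (ok, detail) for one UDP datagram sent to a GELF input."""
    if payload.startswith(CHUNK_MAGIC):
        # 2 magic bytes + 8-byte message id + sequence number + sequence count
        if len(payload) < 12:
            return False, "truncated chunk header"
        seq, count = payload[10], payload[11]
        if count == 0 or count > 128 or seq >= count:
            return False, f"bad chunk index {seq}/{count}"
        return True, "chunk"
    try:
        if payload.startswith(GZIP_MAGIC):
            payload = gzip.decompress(payload)
        elif payload[:1] == b"\x78":  # zlib stream header
            payload = zlib.decompress(payload)
    except (OSError, EOFError, zlib.error) as exc:
        return False, f"decompression failed: {exc}"
    try:
        doc = json.loads(payload.decode("utf-8"))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return False, f"not JSON: {payload[:40].decode('latin-1')!r}"
    if not isinstance(doc, dict):
        return False, "JSON is not an object"
    missing = [key for key in REQUIRED if key not in doc]
    if missing:
        return False, "missing " + ",".join(missing)
    return True, "gelf"


def triage(datagrams):
    """Count rejected datagrams per (source ip, reason)."""
    bad = Counter()
    for (ip, _port), payload in datagrams:
        ok, detail = classify(payload)
        if not ok:
            bad[(ip, detail)] += 1
    return bad


def listen(bind="0.0.0.0", port=12201, limit=1000):
    """Capture `limit` datagrams and triage them by sender."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        for _ in range(limit):
            payload, addr = sock.recvfrom(65535)
            seen.append((addr, payload))
    return triage(seen)


# Constructed sample traffic; addresses are from the documentation range.
GOOD = b'{"version":"1.1","host":"web01","short_message":"ok"}'
SAMPLE = [
    (("192.0.2.10", 40001), GOOD),
    (("192.0.2.10", 40002), zlib.compress(GOOD)),
    (("192.0.2.77", 51234), b"default send string"),
    (("192.0.2.77", 51235), b"default send string"),
    (("192.0.2.20", 40003), b'{"host":"db01"}'),
]

if __name__ == "__main__":
    for (ip, reason), n in triage(SAMPLE).most_common():
        print(f"{n:4d}  {ip:15s}  {reason}")
```

`listen()` cannot bind a port that a running input already holds, so point it at mirrored traffic or run it while the input is stopped.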
 

[graylog2] How to upgrade from Graylog 2.1.1 to 2.1.2 without losing any changes to the graylog server (CentOS 7)

2016-11-15 Thread Jose Aquino
Hi everyone,

I am relatively new to Graylog as we have just started to look at log 
management for our network. I was able to install Graylog 2.1.1 and was 
able to create some basic functionality with the server through inputs, 
streams and alerts.

Recently, Graylog released version 2.1.2 which had some interesting changes 
that I want to test out. However, I am having trouble finding the exact 
documentation for upgrading from 2.1.1 to 2.1.2. Can anyone point me in the 
right direction in terms of upgrading from 2.1.1 to 2.1.2?

Thanks.



Re: [graylog2] Re: Whats Better for Graylog Udp or Tcp

2016-11-15 Thread Jason Haar
On Tue, Nov 15, 2016 at 4:33 AM, Jochen Schalanda wrote:

> Use whatever is supported best by your network appliances.
>

Well I would add "it depends". UDP is absolutely fine over LANs - if you
have near guarantees about zero packet loss - use UDP as it's more
efficient. But if WANs or the Internet is involved - use TCP. And in fact,
use TLS over TCP - just because it's 2016 - not 1999 ;-)




-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



[graylog2] Re: Elastic Search 2.4.1

2016-11-15 Thread Jochen Schalanda
Hi Steve,

Elasticsearch 2.4.x is supported by Graylog 2.1.0 and later.

Cheers,
Jochen

On Tuesday, 15 November 2016 22:27:38 UTC+1, Steve Kuntz wrote:
>
> Hi,
>
> Quick question, does Graylog fully support connecting to Elastic Search 
> 2.4 branch or should I stick with 2.3.5?
>
> Thanks
>



[graylog2] Elastic Search 2.4.1

2016-11-15 Thread Steve Kuntz
Hi,

Quick question, does Graylog fully support connecting to Elastic Search 2.4 
branch or should I stick with 2.3.5?

Thanks



[graylog2] Journal processing problem

2016-11-15 Thread John Buchanan
I am encountering a situation on my 2-node cluster (2 Graylog nodes, 3 
Elasticsearch nodes) whereby the Process Buffer fills up, or begins to 
quickly ramp up in usage, messages are being written to the disk journal, 
but not read from. The journal usage can grow to the hundreds of thousands 
or millions of messages in fairly short order, and I'm coming up short as 
to discovering why this is happening.  It's similar to if I manually paused 
message processing, except that the Process Buffer usage ramps up quickly 
as well, which is not the case when manually pausing processing. 
Processing of messages appears to restart as suddenly as it halted, and 
when it does the processing rate can be as high as 20k / second, so I'd 
like to think I'm not running into a load issue.

We are collecting the usual vitals via SolarWinds, and nothing appears out 
of the ordinary there.  Systems are all physical, HP servers purchased 
Spring of this year. OS is CentOS 6.8, reasonably up to date patch wise.

The default Info log level does not appear to catch anything useful at the 
onset of this anomaly, and leaving my nodes in Debug chews up storage space 
very quickly.

So, has anyone ever run into this? Process Buffer usage goes from almost 
zero to max very quickly, Journal usage shows that messages continue to be 
written to, but not read-from, and it starts back up as quickly as it 
halted.

Thanks much,

John



Re: [graylog2] Pipeline arithmetic (in the then statement) OR datediff ?

2016-11-15 Thread Drew Miranda
Thanks!

On Tuesday, November 15, 2016 at 3:25:15 AM UTC-6, Jan Doberstein wrote:
>
> Hej Drew,
>
> we have this feature issue in the pipeline repository: 
> https://github.com/Graylog2/graylog-plugin-pipeline-processor/issues/91 
>
> the answer is - not yet but will be.
>
> with kind regards
> Jan
>
> 2016-11-14 16:11 GMT+01:00 Drew Miranda :
>
>> Hi All,
>> Is it possible to do date comparisons in the pipeline rules "then" 
>> section? I see we can do comparisons in the "WHEN" section. I can't seem to 
>> find a way to do date diffing though. Also, arithmetic doesn't seem to work 
>> either. Any ideas?
>>
>> The reason I'm interested in doing this is writing rules to trigger 
>> alerts when two datetime values in the message are different by more than 5 
>> minutes. For example, the Windows event log writes an event every time its 
>> system time changes, almost always because of Active Directory [server] 
>> time sync. It has a field for old and new times. Differences of greater 
>> than 300 seconds are super important to catch due to issues they can cause. 
>> Currently I've had to export the messages in CSV and use Excel to compute 
>> this.
>>
>> Thanks!
>>
>
>
>
> -- 
> | Voice: +49 173 7100308 | Text: j...@jalogisch.de 
> | http:// jalogis.ch/bio
> |---
> | send from my extraordinary device
>
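
The CSV-and-Excel step described in the quoted question can be scripted. This is an added example, not part of the thread and not a Graylog feature; the column names `source`, `previous_time` and `new_time` are hypothetical and the sample rows are constructed.

```python
import csv
import io
import re
from datetime import datetime, timedelta, timezone

THRESHOLD = timedelta(seconds=300)

# Hypothetical column names; use whatever your export calls the two fields.
OLD_FIELD, NEW_FIELD = "previous_time", "new_time"

_TS = re.compile(
    r"^(\d{4}-\d{2}-\d{2})[T ](\d{2}:\d{2}:\d{2})(?:\.(\d+))?(Z|[+-]\d{2}:?\d{2})?$"
)


def parse_ts(text):
    """Parse an ISO-8601-like timestamp; digits beyond microseconds are dropped."""
    m = _TS.match(text.strip())
    if not m:
        raise ValueError(f"unparseable timestamp: {text!r}")
    date, clock, frac, zone = m.groups()
    micro = int((frac or "0")[:6].ljust(6, "0"))
    naive = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    naive = naive.replace(microsecond=micro)
    if zone in (None, "Z"):
        return naive.replace(tzinfo=timezone.utc)  # assumption: no zone means UTC
    sign = 1 if zone[0] == "+" else -1
    digits = zone[1:].replace(":", "")
    offset = timedelta(hours=int(digits[:2]), minutes=int(digits[2:]))
    return naive.replace(tzinfo=timezone(sign * offset))


def large_time_changes(csv_text, threshold=THRESHOLD):
    """Return ([(source, delta_seconds)], skipped_rows) for clock jumps over threshold."""
    hits, skipped = [], 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            delta = parse_ts(row[NEW_FIELD]) - parse_ts(row[OLD_FIELD])
        except (KeyError, ValueError, AttributeError):
            skipped += 1  # missing column or malformed timestamp
            continue
        if abs(delta) > threshold:  # catches jumps backwards as well as forwards
            hits.append((row.get("source", "?"), delta.total_seconds()))
    return hits, skipped


# Constructed sample export.
SAMPLE = """source,previous_time,new_time
dc01,2016-11-14T15:00:00.000000000Z,2016-11-14T15:00:00.412000000Z
ws17,2016-11-14T15:10:00.000000000Z,2016-11-14T15:16:40.500000000Z
ws22,2016-11-14T16:00:00Z,2016-11-14T15:50:00Z
ws30,not-a-time,2016-11-14T15:50:00Z
"""

if __name__ == "__main__":
    found, bad_rows = large_time_changes(SAMPLE)
    for source, seconds in found:
        print(f"{source}: clock moved {seconds:+.1f}s")
    print(f"skipped rows: {bad_rows}")
```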



[graylog2] Re: Timeout GET http://10.102.0.16:9000/api/system/sessions Status code undefined on graylog Web Interface

2016-11-15 Thread Jochen Schalanda
Hi Pierrick,

web_endpoint_uri has to point to the public address of the Graylog REST 
API. In your case, you've pointed it to the address of the Graylog web 
interface.

Cheers,
Jochen

On Tuesday, 15 November 2016 11:53:44 UTC+1, Pierrick Prost wrote:
>
> More information about my problem:
>
> I'm on a Jelastic PaaS environment. To connect to my Graylog web UI, I 
> made an endpoint to my http://10.102.0.16:9000/ local URI and configured 
> the Web interface endpoint URI like that:
>
> web_endpoint_uri = http://my_public_dns_endpoint:11011
>
> And now I have this error:
>
> Error - the server returned: 404 - cannot POST 
> http://my_public_dns_endpoint:11011/system/sessions (404)
>
>
>
> thanks guys :)
>


[graylog2] Re: Timeout GET http://10.102.0.16:9000/api/system/sessions Status code undefined on graylog Web Interface

2016-11-15 Thread Pierrick Prost
More information about my problem:

I'm on a Jelastic PaaS environment. To connect to my Graylog web UI, I 
made an endpoint to my http://10.102.0.16:9000/ local URI and configured 
the Web interface endpoint URI like that:

web_endpoint_uri = http://my_public_dns_endpoint:11011

And now I have this error:

Error - the server returned: 404 - cannot POST 
http://my_public_dns_endpoint:11011/system/sessions (404)



thanks guys :)



[graylog2] Re: Timeout GET http://10.102.0.16:9000/api/system/sessions Status code undefined on graylog Web Interface

2016-11-15 Thread Pierrick Prost
More information about my problem:

I'm on a Jelastic PaaS environment. To connect to my Graylog web UI, I 
made an endpoint to my http://10.102.0.16:9000/ local URI and configured 
the Web interface endpoint URI like that:

web_endpoint_uri = http://my_public_dns_endpoint:11011

And now I have this error:

Error - the server returned: 404 - cannot POST 
http://node320-graylog1.hidora.com:11011/system/sessions (404)



thanks guys :)




[graylog2] Re: using graylog just for indexing logs not storing them

2016-11-15 Thread Benbrahim Anass
Yes, that's what I'm going to do
Thanks man
Cheers

On Tuesday, 15 November 2016 11:11:03 UTC+1, Jochen Schalanda wrote:
>
> Hi Anas,
>
> On Tuesday, 15 November 2016 10:49:53 UTC+1, Benbrahim Anass wrote:
>>
>> I wanna use Graylog just for indexing in real time those logs and 
>> configure alarms based on them in real time always
>>
>
> That's not possible. Graylog is using regular searches to check for alert 
> conditions.
>
> You could, however, reduce the retention time for your indices, e. g. only 
> keep messages for 1 day (or whatever is suitable in your environment).
>
> Cheers,
> Jochen
>



[graylog2] Timeout GET http://10.102.0.16:9000/api/system/sessions Status code undefined on graylog Web Interface

2016-11-15 Thread Pierrick Prost
Hi guys,

I have trouble getting my Graylog web interface to work with the Graylog 
server. Here is my configuration:

Packages:

yum list installed | grep gray*
graylog-2.1-repository.noarch   1-3         installed
graylog-server.noarch           2.1.2-1     @graylog
python-urlgrabber.noarch        3.10-7.el7  installed


my server.conf :

rest_listen_uri = http://10.102.0.16:9000/api/
web_listen_uri = http://10.102.0.16:9000/
web_endpoint_uri = http://10.102.0.16:9000/


Curl command returns:

[root@node320-graylog1 ~]# curl http://10.102.0.16:9000
Graylog Web Interface

[root@node320-graylog1 ~]# curl http://10.102.0.16:9000/api/
{"cluster_id":"e61b98e5-7a9d-45ca-a24b-e2ba8cf5da1c","node_id":"a84a28b9-b946-427e-be7c-85567dd6eef9","version":"2.1.2+50e449a","tagline":"Manage your logs in the dark and have lasers going and make it look like you're from space!"}
[root@node320-graylog1 ~]#

curl http://10.102.0.16:9000/api/system/sessions
{"session_id":null,"username":null,"is_valid":false}
[root@node320-graylog1 ~]#


When I connect to my Web UI, I have a timeout:

Server currently unavailable

We are experiencing problems connecting to the Graylog server running on 
http://10.102.0.16:9000/. Please verify that the server is healthy and 
working correctly.

You will be automatically redirected to the previous page once we can 
connect to the server.

Do you need a hand? We can help you.

This is the last response we received from the server:
Error message: Bad request
Original Request: GET http://10.102.0.16:9000/system/sessions
Status code: undefined
Full error message: Error: Request has been terminated Possible causes: the network is 
offline, Origin is not allowed by Access-Control-Allow-Origin, the page is 
being unloaded, etc.

Thanks for your help guys :)






[graylog2] Re: using graylog just for indexing logs not storing them

2016-11-15 Thread Jochen Schalanda
Hi Anas,

On Tuesday, 15 November 2016 10:49:53 UTC+1, Benbrahim Anass wrote:
>
> I wanna use Graylog just for indexing in real time those logs and 
> configure alarms based on them in real time always
>

That's not possible. Graylog is using regular searches to check for alert 
conditions.

You could, however, reduce the retention time for your indices, e. g. only 
keep messages for 1 day (or whatever is suitable in your environment).

Cheers,
Jochen



[graylog2] Re: How remove old messages in graylog?

2016-11-15 Thread Jochen Schalanda
Hi,

On Tuesday, 15 November 2016 10:55:58 UTC+1, Israel Martinez Bermejo wrote:
>
> What is the recommended retention of messages and indices?
>

Whatever fits your requirements best.

Cheers,
Jochen



[graylog2] Re: using graylog just for indexing logs not storing them

2016-11-15 Thread Benbrahim Anass
I already have a basic Syslog server storing everything, I don't want to do 
the same thing with Graylog
I wanna use Graylog just for indexing in real time those logs and 
configure alarms based on them in real time always

Cheers
Anas

On Monday, 14 November 2016 14:52:18 UTC+1, Jochen Schalanda wrote:
>
> Hi Anas,
>
> what exactly do you mean with "just for reading logs and not storing 
> them"? Could you elaborate on your use case(s)?
>
> Cheers,
> Jochen
>
> On Monday, 14 November 2016 08:38:42 UTC+1, Benbrahim Anass wrote:
>>
>> Hi everyone,
>> I'm wondering if it is possible to use Graylog just for reading logs and 
>> not storing them, and I'd like to know where to configure that 
>> I'd like to know also the minimum amount of RAM needed for logs of a 
>> mid size company (around 20 pieces of equipment)
>> Cheers
>> Anas 
>>
>>



[graylog2] Re: How remove old messages in graylog?

2016-11-15 Thread Jochen Schalanda
Hi,

you've configured to retain 2,000,000 messages per index and to retain 20 
indices, meaning you will have 40,000,000 messages until Graylog starts 
rotating/deleting old indices.

Cheers,
Jochen

On Tuesday, 15 November 2016 08:41:30 UTC+1, Israel Martinez Bermejo wrote:
>
> Hi Jochen.
>
> I put 2.000.000 in System/Indices but it does not remove the messages.
> I recalculated the index and manually cycled the deflector but nothing...
>
> Look at the image please.
>
