Check your hosts /etc/nsswitch.conf file and verify the line for "hosts:
files dns" does exist and has files before dns. Then edit /etc/hosts and
add a single line for the IP followed by the hostname you want it to show
as the source in graylog. If your host's resolver finds a match in
I wondered if anyone is moving data over X days old to slower nodes in
order to keep the most recent data performing as fast as possible. Do you
have any advice or articles I could reference?
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
Hi,
I have 2 Graylog VMs (I set them up from the official OVA, stable branch
1.3.3.).
* (VM1) On one location I want to retrieve, cache and forward data.
With caching I mean that I want to hold them for some hours, should the
connection be severed due to networking issues etc.
* (VM2) One
Hi Domenik,
Could you please check that you get two packages (one for 1.2.x, and another
one with 1.3.3) when you run this command?
# yum info graylog-server
I tried to upgrade Graylog on a test Centos 6 VM, and this is how I did it:
# wget
On our DNS server one of my machines has two A records, and two
corresponding PTR records.
ie:
server1 = 10.10.10.1
server001 = 10.10.10.1
This causes Graylog to treat this server as two different sources, it
splits all input from that collector 50/50, some log entries show as source
Thanks Jochen.
On Thursday, February 18, 2016 at 10:12:37 AM UTC, Jochen Schalanda wrote:
>
> Hi Rui,
>
> On Wednesday, 17 February 2016 17:45:45 UTC+1, Rui Goncalves wrote:
>>
>> The question is: what does that mean - "202 Accepted for processing..."?
>>
>> 1) Got your message and it's stored
Thanks again guys, I had the port number but had left out the @, it is
working now.
On Thursday, 18 February 2016 04:56:00 UTC-5, Jochen Schalanda wrote:
>
> Hi Dennis,
>
> please see the Graylog documentation about configuring the syslogd in Mac
> OS X:
>
Sorry, I've read that Graylog 1.3 is not compatible with Elasticsearch 2.x.
So I've installed Elasticsearch 1.7.5 and everything is OK.
Regards,
On Thursday, 18 February 2016, 11:50:14 (UTC-3), roberto...@gmail.com
wrote:
>
> Dear, I've installed a syslog server with the last versions of
Graylog 1.3.* => ES 1.7.*
Graylog 2 (alpha) => ES 2.*
On Thursday, 18 February 2016 15:50:14 UTC+1, roberto...@gmail.com wrote:
>
> Dear, I've installed a syslog server with the last versions of
> Elasticsearch 2.2.0 and Graylog 1.3.3, both installed via APT-GET packages
> as I've done later with
Hey,
Encountered a rather strange issue. If a number is the first character
parsed by a syslog tcp input, the following exception is thrown. However,
sending the same input to a syslog UDP input works fine.
2016-02-18 15:19:28,898 ERROR:
org.graylog2.plugin.inputs.transports.NettyTransport -
All ok, sorry. All data distributed by 50% per node )
On Thursday, February 18, 2016 at 2:00:21 PM UTC+3, Evgen787 Evg wrote:
>
> Hi all!
>
> I'm new in Graylog2, my question about the rotation and elasticsearch
> shard.
>
> I have graylog rotation policy - 1GB per index and a maximum number of
Hi,
To debug the issue you can use std out as output in logstash:
output {
stdout{ codec => rubydebug }
}
Then run logstash -f config.file and watch what happens.
The file input should also start from beginning of file and the .since*
files should be removed
//Johan
Hi Edmundo,
thanks for your quick reply.
This I have done as the first and is already installed.
[root@bigbrother ~]# yum info graylog-1.3-repository-el6.noarch
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.softaculous.com
* epel: ftp.nluug.nl
*
Hi all!
I'm new in Graylog2, my question about the rotation and elasticsearch shard.
I have graylog rotation policy - 1GB per index and a maximum number of 10
indices.
2 shards, 0 replica. 2 elasticsearch nodes.
es cluster:
es1 node master only + data.
es2 data only.
# curl
Hi Rui,
On Wednesday, 17 February 2016 17:45:45 UTC+1, Rui Goncalves wrote:
>
> The question is: what does that mean - "202 Accepted for processing..."?
>
> 1) Got your message and it's stored on journal. Message will be processed
> eventually. It's safe...
> 2) Got your message and I'm going
Hi Domenik,
I am not sure which of the emails you are following, but I would recommend
installing the rpm packages from our repository, in that way you will receive
new updates for Graylog 1.3 automatically:
Hi Bernie,
the graylog-ctl and related scripts have specifically been created for the
virtual appliances. Under the hood, they're using the Chef cookbooks
provided at https://github.com/Graylog2/graylog2-cookbook.
Could you elaborate a little bit on what you would need those scripts for?
Hi Dennis,
please see the Graylog documentation about configuring the syslogd in Mac
OS X:
http://docs.graylog.org/en/1.3/pages/sending_data.html#sending-syslog-from-macos-x-hosts
Cheers,
Jochen
On Wednesday, 17 February 2016 20:12:01 UTC+1, Dennis Seaton wrote:
>
> Has anyone had success
At first, sorry for my "bad" English.
How does an update work to Graylog on 1.3?
My System:
- CentOS release 6.7 (Final)
- graylog-server-1.2.2-1.noarch
- graylog-web-1.2.2-1.noarch
- YUM-Repo (baseurl=https://packages.graylog2.org/repo/el/$releasever/1.3/$basearch/)