Hi All,
I have an application on my Linux machine with some IP "x.x.x.x". Can anyone
tell me how to configure those application logs into Graylog? It's a Linux
environment. The application logs are from the WebLogic domain console.
Thank you
--
You received this message because you are subsc
Jochen -
I am an idiot. All this debugging and I never looked at the obvious. The
clock on the VM that Graylog is running on was behind. Even though the
timezone settings were set it was still using correct system time (even
though it was set incorrectly)
I have configured ntp and then resynced t
It did not. Here is what I show now
User *admin*: 2016-03-21 11:02:56.622 -04:00
Your web browser: 2016-03-21 15:05:35.323 -04:00
Web interface default JDK/JRE: 2016-03-21 11:02:56.625 -04:00
Web interface configuration: 2016-03-21 15:02:56.625 +00:00
Graylog master server: 2016-03-21 11:02:56.626 -04:00
Jochen -
Apologies, I was wrong. This is still an issue.
For some reason the timestamp is not being parsed out. Here is an example
maillog snippet captured with tcpdump
Msg: 0 2016-03-21T14:55:39.065576-04:00 njseinfv01 postfix 5370 - -
0014F3FC9E: to=,
relay=aspmx.l.google.com[74.125.29.26]:25,
Jochen -
1.) This is my current rsyslog template per your docs
$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
*.* @log-host:514;GRAYLOGRFC5424
And they are resulting in the following log stamps
Msg
Hi Steve,
Graylog blocks writes to rotated indices to prevent accidental
modifications.
You can remove the write block by setting index.blocks.write to false, see
https://www.elastic.co/guide/en/elasticsearch/reference/1.7/indices-update-settings.html
for details.
Cheers,
Jochen
On Monday,
Hi Charles,
the easiest fix would be to include the timezone in your syslog messages
(following RFC 5424: https://tools.ietf.org/html/rfc5424#section-6.2.3).
There's also an option in the syslog inputs in Graylog to override the
included timestamp and use the ingestion time as message timestamp
Hi Guys,
I'm using nxlog to forward my logs to my Graylog setup. I'm currently using
the OVA for the time being while I get my head around things.
I want the 'source' field to be the hostname of the sending server, rather
than its IP address. How do I configure this?
I've checked the a/ptr rec
Jochen -
I will consolidate all my answers here
It does look timezone related. The WebUI is EST, as are the log stamps, but
the Graylog server is set to UTC. I tried a series of things when setting
up Graylog like EST/EDT and so on but I kept getting an exception on
starting it.
As you can see from
Hello
Thank you very much! I now have my query, but when I try to delete
something, I get this error.
"error" : "ClusterBlockException[blocked by: [FORBIDDEN/8/index write
(api)];]",
"status" : 403
The query with "-x get" works, but "x- delete" with the error.
cheers
Steve
On Monday
Jochen -
I understand. I wasn't getting any response there and I have business
wanting to get this PoC rolling so I had to escalate accordingly. Sorry
about that.
Actually, for some reason or another, I woke up this morning and reviewed
the system and messages are getting in but they are delayed >
Hi Charles,
it would be nice if you could reference other locations in which you've
already posted the same question in future posts (e.g.
https://www.reddit.com/r/linuxadmin/comments/4b9kgq/graylog2_udp_syslog_input_receiving_messages_but/).
This prevents duplicated work across different Int
Confirmation I am getting data with UDP syslog listening on 1514
http://imgur.com/a/VjESi - I have another VM which is running rsyslog and
pushing messages to the graylog2 server via this doc
https://marketplace.graylog.org/addons/a47beb3b-0bd9-4792-a56a-33b27b567856
.
One thing I also did on
Hi,
On Monday, 21 March 2016 11:56:09 UTC+1, kaiser wrote:
>
> Graylog converter is a graylog plugin?
>
No, it's a built-in converter to be used with incoming messages (as part of
an extractor chain).
Cheers,
Jochen
Hi Jochen,
thank you for your answer.
Graylog converter is a graylog plugin?
regards.
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@g
Hi,
the separator character can be configured in Graylog's CSV converter but
not when exporting messages as CSV.
Cheers,
Jochen
On Monday, 21 March 2016 08:58:49 UTC+1, kaiser wrote:
>
> Hello,
>
> is it possible to config graylog so that the csv separator field is ";"
> instead of ","?
>
> r
Hello,
is it possible to config graylog so that the csv separator field is ";"
instead of ","?
regards.
Hello Joi,
I'll make a try.
Thx.
Regards.
Hello Jochen,
The full_message field is present in my logs.
I have filtered on the full_message field on my query search.
For me to make it work I have to modify the export csv url with
full_message field.
regards,