[graylog2] Re: 'did not find meta info for this node' error, but not timesync related?

2016-05-13 Thread Jeff McCombs
So here's a question.. looking at the node output from tokred vs mine.. When you have a cluster of Graylog servers behind a load balancer.. do you configure the API transport address to the cluster IP, or the individual nodes? Could this be the cause of the following errors I'm also seeing?

[graylog2] Re: 'did not find meta info for this node' error, but not timesync related?

2016-05-13 Thread Jeff McCombs
Hi Jochen, I see the records for the nodes: graylog:PRIMARY> db.nodes.find() { "_id" : ObjectId("57363bab05ee16689e192953"), "is_master" : false, "hostname" : "gray01somewhere.com", "last_seen" : 1463172221, "transport_address" : "http://graylog.somewhere.com:12900/;, "type" : "SERVER",

[graylog2] Set External IP

2016-05-13 Thread bokoxev
I've downloaded the OpenStack VM and I'm following the instructions posted here to set my floating IP as my external IP in Graylog but the command keeps throwing a "I don't know that command." error. -- You received this

Re: [graylog2] Re: Graylog Web - Unable to Add Nodes

2016-05-13 Thread Bill Brazell
I couldn't fine a web interface for Graylog 2.0.x. I downgraded to Graylog 1.3.4 and Graylog Web 1.3.4 and it's working fine. Is there a web interface for version 2.0? I didn't see one here: https://www.graylog.org/releases Thanks, Bill On Fri, May 13, 2016 at 12:44 AM, Jochen Schalanda

[graylog2] Re: Relative search queries are not updating

2016-05-13 Thread David Gerdeman
What I mean by doing the same search is selecting "last x minutes" and hitting enter or the search button. I would expect this to give me the last x minutes worth of messages, but it gives me the x minutes worth of messages from the first time of the day that I ran the search. I am using the

[graylog2] Beats plugin from Graylog vs. sivasamyk

2016-05-13 Thread Frederic Desjarlais
Hi, With Graylog 2.0.0 (pre-GA), we've been using the Beats plugin from https://github.com/sivasamyk/graylog-beats-plugin and we recently noticed that Graylog now offers a Beats plugin at https://github.com/Graylog2/graylog-plugin-beats . Could someone describe the difference between these

[graylog2] Re: Unable to Upgrade Graylog from 1.3 to 2.0 Lauched from Readymade AMI

2016-05-13 Thread Utkarsh Sharma
Hi Marius, Getting this error now root@graylog:/opt/graylog/embedded/bin# graylog-ctl reconfigure Starting Chef Client, version 12.6.0 Compiling Cookbooks... Recipe: graylog::default * directory[/etc/graylog] action create (up to date)

[graylog2] Re: Relative search queries are not updating

2016-05-13 Thread Jochen Schalanda
Hi David, what do you mean with "do the same searches 2 hours later"? Are you selecting the same time range in the web interface again? Are you simply reloading the already loaded search results? Are there any (caching) proxies or reverse proxies between you and the Graylog web interface? Or

[graylog2] Re: what is the correct mongodb_uri syntax for replicaset in graylog cluster

2016-05-13 Thread Jochen Schalanda
Hi Lec, you have to provide the name of the database *and* the name of the replica set, e. g. mongodb://db1.example.net,db2.example.net:2500/graylog?replicaSet=rs-name Cheers, Jochen On Friday, 13 May 2016 17:10:40 UTC+2, leck...@gmail.com wrote: > > Hello, > > I am testing 2 cluster system,

[graylog2] what is the correct mongodb_uri syntax for replicaset in graylog cluster

2016-05-13 Thread leckozol
Hello, I am testing 2 cluster system, on both are running graylog 2.x, elasticsearch 2.x and mongodb 3.x Till now mongodb was configured standalone and uri was: mongodb_uri = mongodb://127.0.0.1:27017/graylog of course mongodb was listening localy. Now I want to move mongodb replica set. I

[graylog2] Re: An issue with search in fields

2016-05-13 Thread cazy
This is because ngnix_useragent is apparently a non-analysed field ( https://www.elastic.co/guide/en/elasticsearch/guide/current/mapping-intro.html ). Try ngnix_useragent:*google* instead. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To

[graylog2] Re: An issue with search in fields

2016-05-13 Thread cazy
Have you tried ngnix_useragent:*google*? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the

[graylog2] Re: Elasticsearch cluster unhealthy (RED) - triggered on plain clean install from official image

2016-05-13 Thread Joe K
If anyone has same problem. I found that once you run this, it will go back to normal: curl -XPUT 'localhost:9200/_settings' -d '{ "index" : { "number_of_replicas" : 0 } }' (From this page:

[graylog2] Relative search queries are not updating

2016-05-13 Thread David Gerdeman
I might have found a bug...running graylog 2.0.0 virtual appliance recently upgraded to 2.0.1. On the search tab, using the "relative" search options, if I select "search in the last 5 minutes" at 7:30Am, and then I select "search in the last 15 minutes" at 7:45Am, both will return the correct

[graylog2] Re: Graylog indicies

2016-05-13 Thread tokred
FYI, creating aliases on indices does not work for me. I tried setting aliases in the format /PREFIX_\d+/ (e.g. alias "graylog_20" for index "graylog_test") for self-reindexed indices but they do not appear on the indices overview page. Intended behaviour or not? Best regards, tokred On

[graylog2] Re: How to properly setup in order to receive multiple Graylog message inputs?

2016-05-13 Thread tokred
Maybe a misunderstanding from my side, but are you familiar with client-server communication? A Graylog input acts as network service (=server role) waiting for messages from an arbitrary number of clients. No need to have a 1-to-1 relationship, i.e. you do not need a separate input per

[graylog2] An issue with search in fields

2016-05-13 Thread SancheZZS
Hi! We have gralog 1.2.2 We use log-file nginx. We add it in graylog using (GELF TCP) input. In this input already setted extractors with GROK patterns help. Below you can see the model: grok_pattern: %{IPV4:ngnix_clientip} - - \[.*?\] %{WORD:ngnix_method;string} %{DATA:ngnix_path;string}

[graylog2] Re: How to properly setup in order to receive multiple Graylog message inputs?

2016-05-13 Thread Arief Hydayat
Dear Jochen, Thanks for your reply. The bind address there mean the IP of our Graylog server IP? If I do so it will give the "Error starting this input: address already in use" Is there any other way instead of changing the listening port? Because maybe more client will be added. :-) On

[graylog2] Re: 'did not find meta info for this node' error, but not timesync related?

2016-05-13 Thread Jochen Schalanda
Hi Jeff, please check the "nodes" collection in MongoDB and that it contains valid node descriptors while Graylog is running. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving

Re: [graylog2] Re: ERROR: Failed to start service: GraylogCollector on windows

2016-05-13 Thread Jochen Schalanda
Hi, what happens if you try to run the Graylog Collector with the provided .BAT file (see http://docs.graylog.org/en/2.0/pages/collector.html#id4)? Cheers, Jochen On Friday, 13 May 2016 10:16:27 UTC+2, ชีระวิทย์ ภูริเดชชัยพัฒน์ wrote: > > FYI > > [image: Inline image 2] > [image: Inline image

[graylog2] Re: Is the Graylog distribution intended to be for Java 8 or am I hitting an error?

2016-05-13 Thread Jochen Schalanda
Hi Jeff, Graylog 2.0.0 and later require Java 8 (as mentioned in the documentation: http://docs.graylog.org/en/2.0/pages/installation.html). Cheers, Jochen On Friday, 13 May 2016 10:42:23 UTC+2, jeff.y...@raisin.com wrote: > > I've installed Graylog using the instructions on the Graylog

[graylog2] Re: [error] lib.ApiClient - API call failed to execute. java.util.concurrent.ExecutionException: java.net.ConnectException: Connection refused: /127.0.0.1:12900 to http://127.0.0.1:12900/sy

2016-05-13 Thread Raju
Hi Jochen, Following are the configuration files */opt/graylog2-web-interface-0.20.2/conf* graylog2-server.uris="http://127.0.0.1:12900/; application.secret= "KSN79MSuNHAguLyCYIwqOnpYsCJ2UhbpW0bbOXPufv4hxxwtw0nr1YX6h24vRaYMUFega15cVF3w4eA8zcQocQzM4PVYH1Ch" field_list_limit=100

[graylog2] Is the Graylog distribution intended to be for Java 8 or am I hitting an error?

2016-05-13 Thread jeff . younker
I've installed Graylog using the instructions on the Graylog website: $ sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.0-repository_latest.rpm $ sudo yum install graylog-server I attempt to start the server with: $ sudo service graylog-server start This gives the error:

[graylog2] Re: [error] lib.ApiClient - API call failed to execute. java.util.concurrent.ExecutionException: java.net.ConnectException: Connection refused: /127.0.0.1:12900 to http://127.0.0.1:12900/sy

2016-05-13 Thread Jochen Schalanda
Hi Raju, make sure that the graylog-server process is running and listening on http://127.0.0.1:12900/ on the machine hosting the Graylog web interface. Cheers, Jochen On Friday, 13 May 2016 09:50:00 UTC+2, Raju wrote: > > While running the graylog2-web-interface i am getting the following

Re: [graylog2] I want to use kibana with graylog2

2016-05-13 Thread Joan Picanyol i Puig
* Rock Chakraborty <chakrabortyr...@gmail.com> [20160513 06:33]: > Is it possible to use kibana with graylog2 ?? It works for me. > If yes then which version i need to choose for kibana and graylog2. I have some kibana 4.1.5 dashboards against graylog 1.3 qvb -- pica --

[graylog2] Re: Graylog stream

2016-05-13 Thread Seba 

Thank you Jochen!


I replaced the regular expression “%.+-\d+-.+: (.*)$” in the message 
extractor with this one, which I found in the GrayLog official 
documentation

[graylog2] Re: Graylog indicies

2016-05-13 Thread kaiser
Ok thank you for your help -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit

[graylog2] Re: graylog_alert timestamp mismatch and alert failure

2016-05-13 Thread Jochen Schalanda
Hi, make sure that the system time and the hardware clock of the machine running Graylog is correct (properly synced and in the correct timezone). Cheers, Jochen On Thursday, 12 May 2016 17:37:07 UTC+2, chrom...@gmail.com wrote: > > *2016-05-12 14:19:48.000* > May 12 15:19:48 localhost

[graylog2] Re: Process buffer is getting full very fast and once full messages are not getting processed

2016-05-13 Thread Jochen Schalanda
Hi Shivakumar, the very simple (and probably not very satisfying) answer is that Drools is too slow to cope with the message throughput. Either you simplify the Drools rules significantly (or remove them completely, e. g. by moving the processing to the clients) or you add more hardware (i. e.

[graylog2] Re: Graylog Web - Unable to Add Nodes

2016-05-13 Thread Jochen Schalanda
Hi Bill, since you've just started setting up Graylog 1.x, I'd recommend recreating the setup with the latest stable release (Graylog 2.0.1 at the time of writing). The error message itself looks like you're trying to use the Graylog 1.x web interface with Graylog 2.0.x, which simply isn't

[graylog2] Re: [Graylog2.0] experiencing

2016-05-13 Thread kaiser
Hello Jochen, Thank you for your reply. I have managed to install graylog successfuly and make it work. I will post details on how to upgrade on a centos6 ; I think it could be useful for someone else. Regards, -- You received this message because you are subscribed to the Google Groups

[graylog2] Re: How to properly setup in order to receive multiple Graylog message inputs?

2016-05-13 Thread Jochen Schalanda
Hi Arief, you have to provide a specific bind address for the input named "FNIT-WIN-WEB01" and not the wildcard address 0.0.0.0. Alternatively, you can simply change the listening port of one of those inputs. Cheers, Jochen On Friday, 13 May 2016 04:17:46 UTC+2, Arief Hydayat wrote: > > >

[graylog2] Re: Unable to start graylog web interface

2016-05-13 Thread Jochen Schalanda
Hi Vegesna, there's another instance of the web interface already running on that system so that the new instance can't bind to port 9000. You'll have to stop or kill the old instance before the new one can be started. Cheers, Jochen On Friday, 13 May 2016 06:43:15 UTC+2, Vegesna Narasimha

[graylog2] Re: [Graylog2.0] experiencing

2016-05-13 Thread Jochen Schalanda
Hi, are there any error messages in the Developer (Javascript) Console of your web browser or in the logs of your Graylog node? Cheers, Jochen On Thursday, 12 May 2016 16:16:46 UTC+2, kaiser wrote: > > Hello, > > I have installed graylog 2.0 on centos6 > > I have acces to the web interface. >

Re: [graylog2] [Graylog 2.0] Web interface

2016-05-13 Thread Jochen Schalanda
Hi, you probably didn't copy/migrate the Graylog node ID file (see https://github.com/Graylog2/graylog2-server/blob/2.0.1/misc/graylog.conf#L5-L7 ). Cheers, Jochen On Thursday, 12 May 2016 13:09:14 UTC+2, kaiser wrote: > > Hi Jochen, > > I managed to access graylog web interface. > >

[graylog2] Re: Graylog indicies

2016-05-13 Thread Jochen Schalanda
Hi, either you create aliases with the correct naming scheme for those old indices ( https://www.elastic.co/guide/en/elasticsearch/reference/2.3/indices-aliases.html) or you have to change the elasticsearch_index_prefix setting (

[graylog2] Re: ERROR: Failed to start service: GraylogCollector on windows

2016-05-13 Thread Jochen Schalanda
Hi, please post the complete log and output of Graylog Collector on your system. Cheers, Jochen On Friday, 13 May 2016 08:40:53 UTC+2, ชีระวิทย์ ภูริเดชชัยพัฒน์ wrote: > > I can install GraylohCollector but I can not start service please help me > > ERROR > - > ERROR: Failed to

[graylog2] 3-node cluster, strangeness "did not find meta info" and webUI oddities

2016-05-13 Thread Jeff McCombs
Hi gang, I'm running into a strange problem where my graylog nodes are complaining about not being able to find their meta info: 2016-05-12T11:50:09.691-07:00 WARN [NodePingThread] Did not find meta info of this node. Re-registering. 2016-05-12T11:50:12.878-07:00 WARN [NodePingThread] Did

[graylog2] "did not find meta info of this node." error

2016-05-13 Thread Jeff McCombs
I'd be grateful if anyone could help point me in the right direction for this... Here's the issue: I've got a 3-node setup sitting behind an F5 as a POC... After about 5-10 minutes of all three nodes up and running, I start to see occasional "blips" in the web UI and the following entries in

[graylog2] ERROR: Failed to start service: GraylogCollector on windows

2016-05-13 Thread ชีระวิทย์ ภูริเดชชัยพัฒน์
I can install GraylohCollector but I can not start service please help me ERROR - ERROR: Failed to start service: GraylogCollector on windows -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop