[graylog2] Re: Web interface not starting-Graylog-v2.1.0

2016-09-27 Thread Shrawan Bhagwat
Hi Jochen, I have provided our IP address viz 192.168.178.228 in place of 0.0.0.0 in both fields. You can consider 192.168.178.228 in place of 0.0.0.0 present in the conf files I have provided to you. Regards, Shrawan On Tuesday, 27 September 2016 19:52:07 UTC+5:30, Jochen Schalanda wrote: >

[graylog2] Re: Using the Beats inputs - forwarder configuration

2016-09-27 Thread 'Chris' via Graylog Users
Hi Jochen, I set up a filebeat forwarder on the Graylog server just to test localhost forwarding with the following configurations but even though Graylog's inputs page shows an active connection no data is being ingested: - bind_address: 0.0.0.0 - override_source: admin - port:

[graylog2] Re: Displayed columns and their order in saved searches

2016-09-27 Thread Daniel Niasoff
Looks like it's meant to work as above but it doesn't! http://docs.graylog.org/en/2.1/pages/queries.html "Once you submitted your search, selected the fields you want to show from the search sidebar, and chosen a resolution for the histogram, click on the *Save search criteria* button on the s

[graylog2] Displayed columns and their order in saved searches

2016-09-27 Thread Daniel Niasoff
Hi, Saved searches seem to save the query but not the display options such as displayed columns. We have many fields and require different views for different purposes. It would be amazing if saved searches could actually save display settings as well as the actual query. Is it meant to save

[graylog2] graylog messages In 0 / Out 0 msg/s.

2016-09-27 Thread Marsel Qako
Hi all, I have a cluster of two graylog (one configured as server and one as backend), The messages processing on the primary keep jumping from mostly In 0 / Out 0 msg/s. to couple hundred, sometimes to over couple thousands. I don't see any errors on elasticsearch logs, or server logs. The

[graylog2] Re: Processing of stream failed to return within 2000ms.

2016-09-27 Thread julioqc47
Ok that is quite clear! Now I'll have to figure out why that bottleneck is happening. I doubt I can see the metrics later than 15 mins so that will be challenging! I'm currently moving the VM to SSDs which can't hurt but I doubt it'll solve the problem. On Tuesday, 27 September 2016 12:16:47

[graylog2] Re: Processing of stream failed to return within 2000ms.

2016-09-27 Thread Jochen Schalanda
Hi, from your screenshot it seems pretty clear that Elasticsearch can't index messages at the same rate that they are ingested and processed by Graylog. On Tuesday, 27 September 2016 17:57:16 UTC+2, juli...@gmail.com wrote: > > So process is when be when message is actually parsed and output is

[graylog2] Re: Processing of stream failed to return within 2000ms.

2016-09-27 Thread julioqc47
As you can see in the screenshot from this morning, Process and Output are full and Journal keeps growing accordingly. So process is when be when message is actually

Re: [graylog2] Broken Streams?

2016-09-27 Thread Nathan Mace
I bumped it up to 2 minutes, but it didn't make any difference. I created a new stream with just one rule (must match EventID 4625). It has the same alert conditions as the original, with a 2 minute time frame. It doesn't send an email either, although it also shows up with the first stream a

[graylog2] Re: Processing of stream failed to return within 2000ms.

2016-09-27 Thread Jochen Schalanda
Hi, On Tuesday, 27 September 2016 16:50:44 UTC+2, juli...@gmail.com wrote: > > Thanks for the links but isn't the problem with the Kafka journal more > than ES indexing really? And isn't lowering processors an issue considering > the bottleneck? > the disk journal is rarely the problem. Check

[graylog2] Re: Processing of stream failed to return within 2000ms.

2016-09-27 Thread julioqc47
Thanks for the links but isn't the problem with the Kafka journal more than ES indexing really? And isn't lowering processors an issue considering the bottleneck? On Tuesday, 27 September 2016 10:20:47 UTC-4, Jochen Schalanda wrote: > > Hi, > > see > https://www.elastic.co/guide/en/elasticsear

Re: [graylog2] Broken Streams?

2016-09-27 Thread Jochen Schalanda
Hi Nathan, 1 minute is a rather unfortunate time frame, given that alert_check_interval is 60 seconds by default. You should try increasing that time frame to 2 or 5 minutes in your alert conditions. Cheers,

[graylog2] Re: Web interface not starting-Graylog-v2.1.0

2016-09-27 Thread Jochen Schalanda
Hi Shrawan, your rest_transport_uri and web_endpoint_uri settings are wrong. They have to be specific URIs (and 0.0.0.0 is not a valid IP address). Use their default values if you don't know how to set them. Cheers, Jochen On Tuesday, 27 September 2016 15:32:48 UTC+2, Shrawan Bhagwat wrote: >

[graylog2] Re: Processing of stream failed to return within 2000ms.

2016-09-27 Thread Jochen Schalanda
Hi, see https://www.elastic.co/guide/en/elasticsearch/guide/current/indexing-performance.html and https://blog.codecentric.de/en/2014/05/elasticsearch-indexing-performance-cheatsheet/ for general Elasticsearch tuning hints. Your number of processbuffer_processors and outputbuffer_processors

Re: [graylog2] Broken Streams?

2016-09-27 Thread Nathan Mace
I'm sorry I didn't include a screenshot of this in the other message, but there is an alert configured. See attached picture. Additionally, down at the bottom of the screen to configure alerts for the stream, it lists 1 triggered alert from 6 days ago. Not sure why it worked then, and doesn't

[graylog2] Re: Web interface not starting-Graylog-v2.1.0

2016-09-27 Thread Shrawan Bhagwat
Hi Jochen, I have uploaded elasticsearch and graylog configuration file and also web interface screenshot. Please guide. Regards, Shrawan On Tuesday, 27 September 2016 18:23:07 UTC+5:30, Jochen Schalanda wrote: > > Hi Shrawan, > > On Tuesday, 27 September 2016 14:07:49 UTC+2, Shrawan Bhagwat w

[graylog2] Re: Processing of stream failed to return within 2000ms.

2016-09-27 Thread julioqc47
Hello Jochen, Ok I see what you are saying and I guess even if the stream processing is rather faster, having an average spike of 1000msg/sec is a huge load and will cause backlog. Inbound: 15 minute avg: 1,003.21 events/second Outbound: 15 minute avg: 687.23 events/second ProcessTime: Mean: 8,585μs

[graylog2] Trying to manage the Graylog Server with the separate graylog web in 2.1.1 version

2016-09-27 Thread Shah Zaib
Hi everyone, I am trying to deploy two nodes of *graylog*. Each instance is in a separate virtual machine. I configured one node with the web interface enabled and I called this *graylog-web*. Another node is configured with the web interface disabled and I called this *graylog-server*. The

[graylog2] Re: Web interface not starting-Graylog-v2.1.0

2016-09-27 Thread Jochen Schalanda
Hi Shrawan, On Tuesday, 27 September 2016 14:07:49 UTC+2, Shrawan Bhagwat wrote: > > please tell me again what info I have to provide. > Your current configuration (Graylog and Elasticsearch), the logs of your Graylog and Elasticsearch nodes, and the error messages from the JavaScript/Developer

[graylog2] Re: Web interface not starting-Graylog-v2.1.0

2016-09-27 Thread Shrawan Bhagwat
Hi Jochen, please tell me again what info I have to provide. Regards, Shrawan On Tuesday, 27 September 2016 14:08:42 UTC+5:30, Jochen Schalanda wrote: > > Hi Shrawan, > > you need to provide more information, otherwise we can't help you. > > Cheers, > Jochen > > On Tuesday, 27 September 2016 10

[graylog2] Re: Processing of stream failed to return within 2000ms.

2016-09-27 Thread Jochen Schalanda
Hi, On Monday, 26 September 2016 16:31:21 UTC+2, juli...@gmail.com wrote: > > As a 'coincidence', the journal filled up to maximum capacity (and > failed) really quickly during the same period due to spikes in events at > that time (expected) so I adjusted the journal > size, processbuffer_

Re: [graylog2] Grayllog collector port 12900 or 9000 ???!!

2016-09-27 Thread Marius Sturm
Hi Sangh, the Sidecar needs a connection to the Graylog REST API. The _default_ port for the api changed in Graylog 2.1 from 12900 to 9000/api. But you can still use the old settings with newer Graylog versions. Only make sure that the Sidecar can talk to the api. Cheers, Marius On 27 September

[graylog2] Grayllog collector port 12900 or 9000 ???!!

2016-09-27 Thread sangh
Hi, previous collectors side car used port 12900 in /etc/graylog/collector-sidecar/collector_sidecar.yml to connect to server. Now it is changed to 9000 https://github.com/Graylog2/collector-sidecar. Still for me the 12900 works but not the 9000 ?? Thanks

[graylog2] Re: Web interface not starting-Graylog-v2.1.0

2016-09-27 Thread Jochen Schalanda
Hi Shrawan, you need to provide more information, otherwise we can't help you. Cheers, Jochen On Tuesday, 27 September 2016 10:22:45 UTC+2, Shrawan Bhagwat wrote: > > Hi Jochen, > > I think issue regarding MongoDb has been resolved but I am not able to > login through web interface. It's display

[graylog2] Re: Web interface not starting-Graylog-v2.1.0

2016-09-27 Thread Shrawan Bhagwat
Hi Jochen, I think issue regarding MongoDb has been resolved but I am not able to login through web interface. It's displaying "Server currently unavailable" message. I have checked previously posted comments regarding this error but we are having all these already done for that and I also check

Re: [graylog2] Broken Streams?

2016-09-27 Thread Dennis Oelkers
Hey Nathan, so routing the message into the stream seems to work. The reason why you did not get an alert mail, is that you need to define an alert condition first. You do that by clicking “Manage Alerts” in the Streams page next to your stream and then follow the steps below “Add alert conditi

[graylog2] Re: Error Initialising publisher: No outputs are defined. Please define one under the output section in graylog collector sidecar and filebeat

2016-09-27 Thread Jochen Schalanda
Hi, please post your Graylog Collector Sidecar configuration file and the generated config file for filebeat (you'll find its path in collector_sidecar.yml). Cheers, Jochen On Tuesday, 27 September 2016 04:07:13 UTC+2, GiangCoi Mr wrote: > > Yes. in file config .yml. I configured tag "apache"

[graylog2] Re: ELastic search for logs in graylog server

2016-09-27 Thread Jochen Schalanda
Hi Sam, On Tuesday, 27 September 2016 01:29:02 UTC+2, sam wrote: > > As said like elastic search is responsible for storing the logs. Other > than graylog web interface, is there any way I could look for those stored > logs in elastic search (where the logs are stored) URL (If there such kind >