[graylog2] hostname missing in logs received from syslog-ng

2017-01-13 Thread Li Li
Hi all, a portion of the logs received from syslog-ng is missing. For example, the log entries expected are: Jan 12 17:04:22 Lab-PA5020.lab.hsc.net.ou.edu 1,2017/01/12 17:04:21,0011C102743,TRAFFIC,start,1 But in graylog, "Jan 12 17:04:22 Lab-PA5020.lab.hsc.net.ou.edu 1,2017/01/12" is

[graylog2] Re: Simple pipeline creation issues

2017-01-13 Thread Jochen Schalanda
Hi Eugene, On Friday, 13 January 2017 17:39:50 UTC+1, Evgueni Gordienko wrote: > > I did manual message loading and applying the rule and it works as > intended. > No clue how to debug. > I generate message with create_message("metric:123"). > Is the "metric" field also there if you search for

[graylog2] Re: Incomplete write in php gelf library

2017-01-13 Thread Jochen Schalanda
Hi, On Friday, 13 January 2017 12:50:53 UTC+1, Алексей Лашнев wrote: > > I have already done it. https://github.com/bzikarsky/gelf-php/issues/78 - > but there is no reply yet. So I don't know what the problem is there? In > graylog or in the library... > Since the error message originates from

Re: [graylog2] Re: Separate Data from streams in different elastic nodes

2017-01-13 Thread Jochen Schalanda
Hi Richard, On Friday, 13 January 2017 12:40:31 UTC+1, Richard S. Westmoreland wrote: > > Wow! That is going to be an awesome feature in so many different ways. > What kind of timeline do you have for this next release? > We're already in beta phase and will probably publish a release

[graylog2] Re: Can I change dashboard source from input to stream?

2017-01-13 Thread Jochen Schalanda
Hi Joan, On Friday, 13 January 2017 12:33:35 UTC+1, Joan wrote: > > I've seen that some people are exporting as a content pack and editing the > json, but is this the simplest way to achieve it? > Yes, that's currently the easiest way. Alternatively you can edit the dashboard definition in

[graylog2] Re: Splunk output plugin error

2017-01-13 Thread Jochen Schalanda
Hi Frank, On Friday, 13 January 2017 14:49:56 UTC+1, Frank wrote: > > There is a grok filter %{SYSLOGBASE2} (from the default logstash grok > patterns) which should format the timestamp correctly. > Did you make sure that the "timestamp" field is an actual timestamp and not a string after

[graylog2] Re: Splunk output plugin error

2017-01-13 Thread Frank
Hi, these are syslog messages that get into Graylog by a syslog input. There is a grok filter %{SYSLOGBASE2} (from the default logstash grok patterns) which should format the timestamp correctly. Anyway, we decided to ditch the Splunk output completely, so I don't have the possibility to do

[graylog2] Re: Incomplete write in php gelf library

2017-01-13 Thread Алексей Лашнев
I have already done it. https://github.com/bzikarsky/gelf-php/issues/78 - but there is no reply yet. So I don't know what the problem is there? In graylog or in the library... So, I wrote about the error here too. On Thursday, January 12, 2017 at 4:29:00 PM UTC+3, Jochen Schalanda wrote: > > Hi, > > make

Re: [graylog2] Re: Separate Data from streams in different elastic nodes

2017-01-13 Thread Richard S. Westmoreland
Wow! That is going to be an awesome feature in so many different ways. What kind of timeline do you have for this next release? > On Jan 13, 2017, at 7:05 PM, Jochen Schalanda wrote: > > Hi Till, > >> On Friday, 13 January 2017 10:29:45 UTC+1, Till Brinkmann wrote: >>

[graylog2] Can I change dashboard source from input to stream?

2017-01-13 Thread Joan
I'm on graylog 2.1.2, and recently I started using the roles feature to create some read only users. When we started with graylog we created all the dashboards using the input instead of a stream, but now this is an issue because the read only users can only see the dashboards but are not able

[graylog2] Re: Separate Data from streams in different elastic nodes

2017-01-13 Thread Till Brinkmann
OK, thanks! We will update and read the DOCS. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion

[graylog2] Re: Separate Data from streams in different elastic nodes

2017-01-13 Thread Jochen Schalanda
Hi Till, On Friday, 13 January 2017 10:29:45 UTC+1, Till Brinkmann wrote: > > So can anyone give us a hint how we can delete the AD logs by day > or > separate it into another database store on disk. > This will be possible in Graylog 2.2.0 with index sets. Cheers, Jochen

[graylog2] Separate Data from streams in different elastic nodes

2017-01-13 Thread Till Brinkmann
Hi there, we need to separate a huge amount of data from the Windows AD Servers from all others. The Windows AD Servers are heavy bullshit talking systems, ~300 msg per second. We do not need to keep this information longer than 5 days. Because of the heavy load from the AD Servers the

[graylog2] Re: graylog REST: All messages from stream or from specific server

2017-01-13 Thread Till Brinkmann
THANKS!

[graylog2] Re: Simple pipeline creation issues

2017-01-13 Thread Jochen Schalanda
Hi Evgueni, do the messages in Graylog, which have been processed by that rule, contain the "metric" message field? Cheers, Jochen On Friday, 13 January 2017 03:10:42 UTC+1, Evgueni Gordienko wrote: > > Hi All, > > Need some help with creating simple test pipeline. > I created pipeline Test